Cybersecurity on the board: How the CISO role is evolving for a new era

One morning in 2015, Joseph Carson began his presentation to his company’s board of directors about why its cybersecurity division deserved a budget increase. This growing awareness of cybersecurity risk means that 40% of boards of directors will have "a dedicated cybersecurity committee overseen by a qualified board member" by 2025, Gartner has predicted, up from less than 10% in 2020. Cyberattacks are commonplace for large organisations, and board directors now view cybersecurity as the second-highest source of risk, behind regulatory compliance, according to a survey by analyst company Gartner. “A CISO needs to be viewed as the leader and executive and, like other executives, needs to work across the organisation.” This change in emphasis in the role has been so pronounced that, in some companies, the CISO has evolved into the 'BISO', or business information security officer. In March, the US Securities and Exchange Commission (SEC) released a proposal that, if approved, will make oversight of corporate cybersecurity a legal responsibility of the executive board. In short, explains Carson, triggering a cultural change within the company as to how it approaches cybersecurity is only the start of the job for the board-level CISO, because, in the end, he says, "it's not just about putting security in place to protect your organisation". There are also signs that these appointments are beginning to have the top-down, cultural impact that appointing a cybersecurity expert to the board is intended to achieve, with 53% of organisations surveyed employing, or planning to employ, a BISO to work with LOB managers to weave cybersecurity into business processes. (Tech Monitor)


