A decade ago cybersecurity was almost an afterthought for corporate leaders. Today, as the escalating risk from cyberattacks for companies, consumers, and government bodies alike is documented daily, it is a pressing topic in the C-suite and boardrooms.
While the threat varies by industry, all business sectors and all global regions must confront this critical management challenge. Cybersecurity tops the priority list, and companies are often adding a Chief Information Security Officer to partner with the CIO.
Among the challenges is identifying and retaining leaders with skill sets as sophisticated, and capable of evolving as quickly, as the cyberthreat itself. Talent is scarce, competition is fierce, and the competition will grow as companies fully recognize how essential information security roles are.
Addressing corporate cybersecurity requires understanding the scope of the threat and defining priorities.
Companies must identify their “crown jewels” from an information security perspective and understand the motivations and capabilities of the attacker. There is a thriving black market for selling credit data, and companies are hacking their competitors for sensitive information. Some attackers practice ‘hacktivism,’ disruption or destruction for political reasons.
Additionally, security breaches can go undetected for a long time, and effectively combating many attacks does not mean dodging all. Cybersecurity challenges often require a multi-pronged strategy, involving outside consultants, software and hardware solutions, and an upgraded internal information security team. Many companies may spend about 3 percent of their IT budget on information security, and 10-15 percent in certain industries, such as financial services.
More CISO positions are being created, but procuring talent with the required blend of skills is challenging. These leaders must understand cyber attackers (their skills, tactics, and motives) as well as current information technology, and must interact in a timely and effective manner with the CEO, senior team, and board. Understandably, these leaders are in short supply.
Effective search strategies include looking across industry sectors. Protection protocol commonalities allow information security specialists to cross sectors. Systems engineers, internal audit professionals, and others are developing expertise, and talent familiar with government information security strategies is hotly sought after. “Gold standard” candidates often come from the defense and intelligence establishment.
One thing is clear: the responsibilities of today’s CISO are all-encompassing. They must understand how the company’s risk management policy impacts almost all areas of a company’s business.
Fulfilling this tall order for a company’s mission-critical CISO and other information security professionals simply requires a partnership with an industry-leading executive search team. In today’s world, the high stakes for ensuring corporate information security demand nothing less.