8th e-Crime & Cybersecurity France • April 2, 2019
Securing operational agility
From cybersecurity to integrated business risk management
For many CISOs, the biggest cybersecurity challenge is that their organization depends on too many manual or informal processes for cybersecurity. For others, it's the complexity of managing too many disconnected cybersecurity tools.
These issues are essentially about silos, with IT, data and cybersecurity as silos separate from each other, and from other business processes. This is not a sustainable approach.
With digital transformation upending business models and creating additional cybersecurity and data privacy problems, the last thing the business needs is a siloed cybersecurity function.
It needs a department that will enable operational agility by managing cyber risk not as a series of isolated problems, but as a business risk.
But most CISOs have little experience or training in risk management, and few in the CRO's office or other operational risk functions have in-depth IT knowledge.
Bridging this gap is key to ensuring that organizations balance security against the business need to succeed in a digital world.
We'll be looking at the realities of achieving cybersecurity and resilience today, including:
From techie to business partner: how can today's CISOs jump the gap from IT specialist to business risk manager? How do you implement holistic cybersecurity?
From bolt-on to built-in: industry and government need to stop thinking about cybersecurity and start thinking about cyber risk management. What is the difference and why does it matter so much?
How must CISOs adapt to a new environment of scrutiny? As cyber becomes part of corporate governance and social responsibility, what does this mean for the role?
Building a best practice cybersecurity team: how, how much and who?
Staying ahead of the curve is more important than ever. Mandatory disclosure will reveal the true scale of the cybersecurity problem to consumers, to stakeholders and investors, and to the press.
Consumers are already reacting to GDPR with subject access requests and increased complaints. Investors will also be able to see which firms are weak and which strong in terms of information security.
And now, we're seeing how disclosure affects entire business and transaction ecosystems: in the recent Ticketmaster breach, the initial alarm was raised (to Ticketmaster) by digital bank Monzo.
Companies can now compete to show that they disclosed first, winning the reputational battle.
So how should CISOs react? Is this the tipping point at which senior management finally acknowledge that current initiatives and budgets are insufficient? Is it time for a new approach - and if so, how will it affect the role of the CISO?
Join us on April 2 to find out.