Cybersecurity Leadership

Frustration, stress, and increased liability are only a few of the off-putting realities giving CISOs cold feet. It doesn’t have to be that way, experts say.

There is something of a governance malpractice in bringing in a new expert for every problem the Board may encounter

Those who understand “1s & 0s”need to explain to those who work in “dollars & cents” that the cyber-criminal world is evolving into a multi-tiered business structure that rivals their corporate structures

Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include.

If cybersecurity isn’t on your board’s agenda yet, it should be.

In recent years, the responsibilities of a CISO have dramatically expanded beyond the IT department. How will the role continue to change?

For many CISOs, "materiality" remains an ambiguous term. Even so, they need to be able to discuss materiality and risk with their boards.

Some well-known companies have already made cybersecurity incident disclosures. They are all non-compliant.

Rising cybersecurity demands are changing the role of the head security officer. CISOs need to make a list, check it at least twice, and document every step.

What happens to security leaders that don't communicate security well enough? "Ask SolarWinds."

Although commonly associated with cybersecurity, digital trust extends far beyond that realm. It can be thought of as the invisible thread that establishes a common goal and focus among several distinct organizational roles.

At its heart, governance should be about security practices and focus on risk mitigation as a security concept rather than as a compliance driver. Compliance will be a by-product of good security practices that can be guided by security governance frameworks.

CISOs grew up in the CIO’s blindspot. As cloud and SaaS bring IT and security back together, which will survive their impending deathmatch?

Security isn't just for your organisation, you also need to get closer to your suppliers, especially those providing critical services.

The rise of bad bots is just one more reason for companies to ensure that their fraud and cyber teams are working together.

A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite.

Cybersecurity is far more than a check-the-box exercise.

Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.

The study by Diligent and Bitsight points to advanced security and strong risk or audit committees as good predictors of an enterprise’s financial success.

Organizations must base their cybersecurity strategies on resilience — the ability to weather an attack with minimal damage to data, finances, and reputation.

Four successful women in cybersecurity share their learnings on overcoming gender bias to get to the C-suite.

CISOs can successfully make their business operations more secure and play a larger role in the organization's overall strategy, but there are pitfalls to avoid, Forrester analysts warn.

Cybersecurity is one of those areas where cost cutting must be done with forethought. Cut the wrong things and it can lead to catastrophic results including government fines, criminal penalties and loss of customer confidence. Cut the right things and key risks can still be mitigated and they can be mitigated more efficiently.

By helping CISOs navigate the expectations being placed on their shoulders, CEOs can greatly benefit their companies.

The first-ever CISO was mostly a technically oriented executive. They’ve since evolved into masters of risk management, threat mitigation, regulatory compliance, data privacy, and much more.