The bold decisions CISOs need to make today

Issue 6 2021 Information Security

This is a rare opportunity to drive an agenda that puts security at the heart of every future step. And we know that business leaders are receptive: security has shot up the boardroom agenda with 58% of business leaders noting improving data and network security as the issue of most importance to the organisation over the past year. More than ever, CISOs (chief information security officers) are getting involved in decision-making from the outset – and they need to be ready to lead from the front.

Organisations are changing how they operate as they begin to get a clearer vision as to what the future of work looks like.


Kevin Brown.

We’re entering the era of hybrid working, where some employees remain homeworkers, others return to the office full time and a large part of the workforce splits their time between the two. Organisations that want to win people back to the office need to pay close attention to their users’ experience – why should they stop working from home where they’ve got a steady supply of the coffee of their choice, a comfy sofa for breaks and a good broadband connection? Offices need to play connectivity catch-up if they’re to supply the seamless experience expected for effective collaboration and productivity.

This is an opportunity for organisations to baseline what they have and clear out the skeletons from the closets. It’s not often leaders get the freedom to fundamentally rethink how their business operates. This is a chance to be bold about the infrastructure plans and security investments, to put the organisation in the best possible place to capitalise on growth and tackle any future challenges.

Standing firm against a growing threat landscape

As well as preparing for the future of work, organisations are recognising that the threat landscape is escalating in an ominous way and are looking to do something about it. In recent research we conducted with over 7000 business executives, employees and consumers, 75% of executives said there are more security threats to their organisations every year. So, leaders know they have to be able to react quickly to threats, whilst also building flexibility and elasticity into their infrastructure to see them through at least the next three to four years. And it makes sense to incorporate security from the beginning.

Operating during the pandemic has given organisations renewed confidence that they can make changes at pace, supported by the rise of cloud providers. They’ve realised that agile development is a strong alternative to more traditional and slower waterfall iterative transformation and they’re seizing the moment.

This is a critical time to rethink how the organisation operates, how leaders want their employees to work and what they need from their connectivity and security.

Missing this golden opportunity has consequences

I believe that organisations that don’t make strong moves with their security now risk being left behind. It’ll be a lost opportunity to really capitalise on market growth. Users are becoming increasingly dissatisfied with their connectivity and this affects operational efficiency. And as the threat landscape expands, if organisations don’t make rapid changes to their security, their vulnerability to cyber-attacks will increase.

Some organisations will be more at risk than others. For instance, a cloud-native organisation is likely already in good shape. But those organisations that evolve their infrastructure and security slowly, tend to have to bolt on security, incurring greater costs in the long run. Ironically, being adventurous and strategic in the first instance can save the organisation money.

The bold decisions to take today

So, where to start? Well, above all I believe CISOs should be ambitious in their decisions and below I’ve outlined my suggested focus areas.

1. Put customers and users at the heart of security plans

Explore what will enable them to work in the most productive and secure way, without security causing friction. The idea is to deliver a seamless user experience with invisible security.

2. Make sure security is embedded in all plans

So many organisations today have a lot of different point solutions, but no overarching strategy. Thinking boldly now could protect the organisation against an escalating threat landscape.

3. Ensure the business has visibility and control

Data is increasingly flowing in ways that don’t involve the enterprise network, widening the organisation’s risks and decreasing its control. Threat actors are alert to the possibilities these potential new weaknesses bring, so it’s vital to have end-to-end visibility, from the user/device to the application/data.

4. Embrace automation

Think about how automation can be used as a cost-effective way to take the pressure off security teams so that they can focus on what’s critical.

5. Look for security partners that can help achieve the business aims

Be clear-sighted about what a co-managed security model could provide and how it could be used to stay ahead of threats. Although organisations can be reluctant to outsource completely, working with a partner on a co-management approach is an effective way to fill any expertise gaps.

Get involved in early strategy

Traditionally, the CISO hasn’t always been involved in shaping the strategy. However, right now, when security is at the top of the boardroom agenda, CISOs need to be at the heart of decision-making, shaping and driving a security policy that will protect the organisation as it emerges from the pandemic.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Cybersecurity in South Africa
Information Security
According to the Allianz Risk Barometer 2025, cyber incidents, including ransomware attacks, data breaches and IT outages, are now the top global business risk, marking their fourth year at the top.

Read more...
Are AI agents a game-changer?
Information Security
While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants, functioning as self-learning digital operatives that plan, execute, and adapt in real time. These advancements do not just enhance cybercriminal tactics, they may fundamentally change the battlefield.

Read more...
Disaster recovery vs cyber recovery
Information Security
Disaster recovery centres on restoring IT operations following events like natural disasters, hardware failures or accidents, while cyber recovery is specifically tailored to address intentional cyberthreats such as ransomware and data breaches.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
The rise of AI-powered cybercrime and defence
Information Security News & Events AI & Data Analytics
Check Point Software Technologies launched its inaugural AI Security Report, offering an in-depth exploration of how cybercriminals are weaponising artificial intelligence (AI), alongside strategic insights defenders need to stay ahead.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
What does Agentic AI mean for cybersecurity?
Information Security AI & Data Analytics
AI agents will change how we work by scheduling meetings on our behalf and even managing supply chain items. However, without adequate protection, they become soft targets for criminals.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...