The Digital Transformation of the CISO, from backroom to boardroom


IDC, in conjunction with Capgemini, recently published an analysis of the modern CISO. The analysis combines retrospection, the current state of play and a look at the future. With over thirty years of experience, and having lived through much of what the report would cover, I approached it with a keen level of interest. Would the report match what many of us have experienced?

For many years, the attitude of the cybersecurity profession reminded me of the old Cold War nickname for Andrei Gromyko, “Mr. Nyet” (“Mr. No”). Some in our profession were viewed as business blockers and not enablers. The engagement level with the business was low. There was also a tendency to stay safely in our silo, emerging only to correct a problem and then retreating to our domain. Having witnessed this many times in my own career, I decided early on our philosophy should be, “My job is not to say ‘No’; my job is to figure out how to say ‘Yes’.”

Through the years, our profession has matured and changed into one that is viewed today as “a driver of competitive advantage or differentiation” and “an enabler of business efficiency”, as the study suggests. Interestingly, when discussing the importance and perception of cybersecurity to the business, the views of CISOs and business executives were within 1.5% of each other on all subjects. Why is information security important to the business? The two highest responses to the question were “vital to the competitiveness of the products/services offered by the company” and “protector of the interests of the customer”. We are no longer selling cybersecurity to executives based on asset and brand protection, but on business benefit.

How the role of CISO has transformed

In my first CISO role, which was for a mid-market health insurance company in the US, the first near-term goal I established was the formation of a board-level Risk Committee. The chair of that committee was the General Counsel and a member of the Board. This gave business risk and cybersecurity the exposure that was needed. The survey concluded that over 60% of organisations have the CISO attending key board and/or executive management meetings, along with over 90% of the CISOs having medium to high influence on board and management decisions. This clearly shows the CISO position has moved into a higher-visibility position.

As we have seen, this has come through a noticeable transformation in perception and approach. The CISO is no longer viewed as a business blocker but as an agent of change. This has brought about a sea change from the siloed approach to engagement with the whole of the business, including the board. CISOs are now leading as entrepreneurs and innovators, focusing on making the business more effective and efficient, not just security operations.

What is the next step for CISOs? Many modern businesses are concentrating on reaping the benefits of digital transformation. Unfortunately, less than a quarter of business executives see information security as a proactive enabler of digital transformation. CISOs agree, with less than a third of them regarding information security as a proactive enabler of digital transformation. CISOs must visibly participate in the transformation of business, with active engagement in such areas as Cloud, IoT, Mobility, Artificial Intelligence, Machine Learning and Blockchain.

CISOs have earned a seat at the table, but they must continue to earn that place by becoming a role model for operational change. They must look for additional avenues to increase the efficiency and effectiveness of their companies through outsourcing non-strategic elements, removing obsolete technology, making security business-as-usual, and pursuing automation and orchestration opportunities. The CISO's position has come far; the only question is where that journey ends. CEO?

Richard R. Starnes, Chief Security Strategist at Capgemini

Richard R. Starnes is the Chief Security Strategist at Capgemini, where he acts as a thought leader and trusted source, working closely with executives, audit and the board of directors to identify corporate requirements related to security and regulatory compliance.