Security Management and Data Privacy in the C-Suite
March 29, 2016
An increasing focus on customer satisfaction is driving business models. The demand for more comprehensive services and the trend towards a client/partner relationship calls for more expertise at higher levels.
As security management becomes more important, the boardroom finds itself adapting, and along with it, company structure and culture. Sales, marketing and technology may be separate entities, but are now joining forces to design the policies and strategies that affect their businesses.
Information & Technology: the CIO
The CIO is no longer “the computer guy.”
Traditionally, the Chief Information Officer oversees the computer information processing for a company. It’s his vision that steers technology standards, architecture, planning, and development.
But, the CIO is no longer just the computer guy. He’s driving business decisions—because technology is driving business. And the landscape for the CIO in 2016 is anything but traditional.
New Age CIOs will need to “flip” how they look at IT. Behaviors, technologies, and even business models will adapt to remain competitive. Changes that once seemed a long way off are here: advanced robotics, thinking machines, and the Internet of Things.
- The relationship of vendor/customer has become a partnership. Specialty talent and expertise is being brought in to handle the intricacies of technology.
- Marketing and technology are teaming up to adopt technologies and use data to market.
- To embrace all of this in business, the CIO will need to develop and implement governance for all these new areas.
Security: The CISO
The Emerging Role of the Chief Information Security Officer CISO
The average cost of a data breach in a large company is $3.8 million. That’s nothing compared to the millions that high profile breaches cost companies over the last year.
Security management demands a C-level stakeholder in boardroom discussions and business policy decisions. This is why the CISO has gone from the exception to the rule. He has the greatest opportunity to put controls in place to prevent a breach going forward.
In a 2015 survey, the New York Stock Exchange found the CEO is held accountable for cyber security breaches. He’s followed by the CIO, who is followed by the entire executive team. Those surveyed list the CISO 4th.
In the Target breach of 2014, the CEO and the CIO were the ones who lost their jobs.
Threat landscape is changing.
- CISO no longer has control of or even owns the device
- Employees working outside of the enterprise perimeter pose security risks
- Attacks may go undetected for long periods of time
- Social engineering [insider error] is part of the problem
These types of adversarial complexities demand focused leadership, stricter policies and teamwork.
Read more about Big Data Security in a Wild West World
Compliance: The CCO
C-level Privacy and Compliance for Global Companies
Changes to Safe Harbor and tightening regulations on data privacy are challenging US companies doing business on a global scale. The Snowden revelations have put the spotlight on personal privacy how our data is shared, and with whom.
Data privacy compliance intricacies have added more to the already full plate of the CIO.
A double-duty CIO isn’t enough.
C-level discussions need oversight from a Chief Compliance Officer. The expertise required for effective compliance reaches beyond the traditional CIO. Those who oversee the flow and custody of information must understand geo-fencing legal requirements.
The legal complexities of custody chains and data transfers across international borders demand full-time scrutiny.
Global companies need senior expertise and a dedicated collaborator to weigh in on decisions and develop postures for compliance while protecting their own clients.
Conclusion
To navigate reach and the exposure that goes with it more leadership is needed in the discussion. That is why the boardroom has begun to expand.
Harvard Law stated in their discussion about Board Priorities for 2016, that:
“…Effective boards will balance the viewpoints of tenured directors with the fresh perspectives of new members. A greater diversity of knowledge over a wider range of disciplines is no longer a luxury. It’s a necessity.”