A CISO's perspective, how do you collaborate and utilize cybersecurity value with your peers/stakeholders and influence the organisation?

Yaroth Chhay, Senior Vice President & Head of Information Security Division at ACLEDA Bank Plc., Cambodia
content-image

Yaroth Chhay, Senior Vice President & Head of Information Security Division at ACLEDA Bank Plc., Cambodia

Today, manufacturers and most industries are investing in Industry 4.0 innovation and leveraging cutting-edge automation, AI, and hyper-connected infrastructure technologies to compete in a global market for their competitive business advantage.

The increasing use of AI/ML/DL technologies and soaring demand for Cloud Computing, IoT (Internet-of-things) & EoT (Enterprise-of-things) devices are likely to strengthen market progress and modernize their digital products and services. Modern technologies are more vulnerable and expose critical services to cyber risks, leading to cyber-attacks and could significantly disrupt the process of business transformation and business strategy. Hence, it requires a high level of multiple security measures to manage and mitigate these risks into an acceptable level of business risk appetite and consideration for alternative solutions to control the risk and enable critical business processes to move forward.

What significant roles of CISO or Cybersecurity leaders come into play to enable business processes?

In the last few years, CISOs or security leaders were only required to be technical experts, but the situation has changed. Now, the roles of a CISO are unique, dynamic, diverse, and challenging. They are required to develop traits that go well beyond the technological stack. In an organization, we are positioned to set a security strategy for operational and tactical security implementation, including cybersecurity and privacy, and data asset protection, while ensuring that the cyber risk is kept at an acceptable level. Our ultimate goal is to ensure security and privacy compliance risks are mitigated and maintained by securing and protecting the organization'sorganization's critical business processes from security threats, data breaches, and other cybersecurity events.

As a leader, CISO or security leader needs to set the vision, build a strategy that aligns with the business goal, and ensure that there is no misunderstanding about the goal. Our primary focus is to understand the business strategy and addresses the security challenges, and prepare the organization with the right sets of tools, skills, and capabilities to defend against security risks.

The road to success is not a cakewalk, as there are many hurdles to achieving the goal.

Digital transformation in business has increased the complexity of IT architectures and has added new risks within an organization.

To overcome all these struggles, CISOs or security leaders need to understand business context requirements and adapt themselves to the modern security perspective and flexible cybersecurity frameworks and approaches to transform cybersecurity into a business function and enable business growth.

How do CISOs or cybersecurity leaders create more value for businesses and shareholders?

Cyber value is a value-centric approach. When integrated into the cybersecurity risk management process, it enables organizations to prioritize the cyber risk within an acceptable level. The value-centric approach will help business executives answer questions such as, "What is the ROI on cybersecurity investment?" When cyber risk management is conveyed in financial terms that every company stakeholder understands. It leads to better corporate decision-making and cooperation.

All organizations, private or public enterprises, are exposed to cyber-related loss or cyber risk. Hence they must be communicated to the organization's executives. Most executives have three significant areas that need communication from their cybersecurity team:

• Cyber risk status: Bad news should not surprise them. The board of director members and C-level can invest in financial resources and call for support from other business functions.

Cybersecurity is not an IT issue. It is a business issue that affects the company's bottom line. It can drive up the cost, affect revenue, and also disrupt the ability to innovate and gain or maintain customers.

• Cyber risk analysis: As the owner of the enterprise risk, they need to make high-priority risk decisions that are timely and actionable.

• Cyber risk posture: They must communicate the organization's cybersecurity story to various employees and partners, sometimes on the spur of the moment.

Cyber risk quantification enables security and business discussions to occur in a language that everyone understands. Quantifying cyber risk in monetary terms allows businesses to assess the cyber risk of various efforts. Executives may weigh the potential cost of cyber risk events against the value of revenue, customer, and market share growth target.

Cyber value is derived from high-level Cyber Risk Management, Cybersecurity Strategy, Cyber Compliance, Cyber Culture, and Cyber Resilience that create the key value-focused, enabled, and built business-trusted from all levels of business stakeholders.

CISOs or security leaders definitely need to determine and understand the key area and potential peers/stakeholders' expectations and value to the organization. Communicate and deliver this effective positive business outcome to them at the appropriate level of business risk appetite.

CISOs or security leaders can deliver, convey and translate cybersecurity strategies, security goals, and technical terms into the business language to explain potential business outcomes derived from the results of cybersecurity programs to meet the objective of what business leaders need and understand the goal of the organization. Strong communication skill is even more vital in the cybersecurity leader's role, which is considered highly complex and ambiguous by decision-makers. Cyber leaders can leverage this effective communication and link cyber resilience to strategic matters which executives and directors do care about: corporate value, reputational and business growth, customer retention, capital raising, and success in mergers and acquisitions.

tag

Financial

Cloud Computing

ROI

IoT

Industry 4.0

Read Also

Streamlining Operations and Empowering Teams in Facilities Management

Streamlining Operations and Empowering Teams in Facilities Management
Shaye Rogers, Workflow Support Manager, Cushman & Wakefield
Technocreativity: The Synergy Of Technology And Creativity

Technocreativity: The Synergy Of Technology And Creativity
Tran Nguyen Phi Long, Group Head Of Retail Marketing, Pnj Group
Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran

Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran
Sigit Triwibowo, Head Of It And Digital, Chief Technology And Digital, Ikea
Executive Leadership And Digital Transformation In The Global Fashion Industry

Executive Leadership And Digital Transformation In The Global Fashion Industry
Eiko Ando, E-Commerce And Digital Director, Pvh Corporation
Digital Transformation in Fashion Retail - From Efficiency to Experience

Digital Transformation in Fashion Retail - From Efficiency to Experience
Le Van, CTO, YODY Fashion
Driving IT Transformation at Lactalis Australia

Driving IT Transformation at Lactalis Australia
Sabina Janstrom, Chief Information Officer, Lactalis Australia
AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust

AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust
Phiphat Khanonwet, Head of IT, Onyx Hospitality Group
The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?

The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?
Andreas Kurz, Global Head of Digital Transformation, ALFAGOMMA Group