Companies often struggle to integrate cybersecurity into their overall cultures and operations, instead choosing to treat it as an isolated task, separate from overall operations. Similarly, leaders within a company’s cybersecurity fields are often not provided with the tools to exert an influence on the organization’s overall strategy, according to an article in Harvard Business Review. With the growing frequency of cybersecurity threats, however, it is increasingly necessary that companies work to empower their cyber leaders, to allow them to drive overall strategies to reduce risks and ensure robust support and integration with overall operations.
To help both identify and empower these cyber leaders, companies need to:
- Determine their major goals for their cybersecurity, whether that be to ensure business continuity, emphasize security development, or to ensure regulatory compliance.
- Integrate cybersecurity functions within the overall organization in a manner which provides them with influence on key decisions and strategies.
- Identify the skills and mindsets they need in their cyber leaders, to ensure a balance between technical capabilities and directing the overall cybersecurity philosophy.
While the skills needed by these leaders may change over time, the revisiting of goals and functions will help to identify how best to identify future leaders, to ensure a robust long-term organizational cybersecurity philosophy.
Source: https://hbr.org/2019/11/companies-need-to-rethink-what-cybersecurity-leadership-is
