Cyber Threats and Regulations Top List of Challenges for Information Security Officers
 

Cyber Threats and Regulations Top List of Challenges for Information Security Officers

Faced with escalating cyber threats and increasingly complex regulatory mandates, chief information security officers (CISOs) are experiencing growing pressure to protect critical information and infrastructure assets, while also embracing strategic business initiatives to integrate a comprehensive enterprise approach to cybersecurity That's according to Big 4 consultancy Deloitte, which also provides cyber risk advisory services.

“As organizations realize that cyber risk is intimately linked to their innovation and growth strategies, expectations of CISOs are changing dramatically,” said Ed Powers, principal, Deloitte & Touche LLP and US leader of cyber risk services. “An effective CISO can no longer rely on his or her technical expertise alone. They must understand how strategic initiatives create risks and develop security programs that balance the need to drive business performance with the growing realities and complexities of protecting customers, intellectual property, and brand.”

This can be especially challenging for CISOs who are new to their roles and those who are hired from outside and don’t have deep knowledge of the organization. “One of the early expectations of a new CISO is that somehow you are going to step back and see the forest through the trees and be able to tell what you are going to do to make this security program take off. That is where the results of the Transition Lab came into play,” added Powers.

“Going through the CISO Transition Lab enabled me to understand these dimensions and make choices about how I can better build my team as well as discern my role that enables me to give more value to my organization,” said Tim Callahan, chief information security officer for insurance company, AFLAC, the largest provider of supplemental insurance in the US. “Given all the pressures of the job, without that, you’re always putting out fires instead of having meaningful impact on the risk posture of the enterprise.” Read more on CPA Practice Advisor