Why more businesses need a CISO mindset

Wieger van der Meulen, IT Security Manager, Leaseweb Global, stresses that all businesses need an approach which sees security as a leadership issue and discusses how the role of the CISO is evolving to align with this change. 
For many organisations, being completely honest about their approach to security would mean admitting they could do a lot more. This is despite the fact that the security risks we all face are more numerous and dangerous than ever.
According to the Department for Digital, Culture, Media and Sport, only 31 per cent of UK businesses have undertaken a cyber risk assessment in the last 12 months. Although this is a 7 per cent improvement from 2018, the findings would suggest that UK businesses are still not placing sufficient emphasis on their cyber security approach and processes.
The question is, why? Cyber security is not dependent on the limitations of affordable software or services. Similarly, companies can’t credibly claim that they are unaware of its importance or how serious it can be if they fall victim to a criminal attack.
That leaves only a few possibilities to explain why security still isn’t higher up the agenda in businesses of all sizes, and one of the most likely is mindset. If businesses view cyber security as a distant risk, or just an IT issue, the natural effect is that there’s no sense of urgency and procrastination becomes the default, long-term security strategy.
What’s needed – for businesses of all sizes – is an approach which sees security as a leadership issue, backed by the attitude that it’s as fundamental as any other key business activity, whether it’s sales and recruitment or tax and cashflow. It’s all about mindset.

Copyright Lyonsdown Limited 2020