Is Cyber Security the World's most expensive clown show?
It’s becoming ever more obvious that cyber security benefits (i.e. quantifiable risk reduction) aren’t being realised in relation to the money being burned. And the Board’s new hot question is: Who’s the bigger clown? The CISO who pretends they’ve just discovered there’s no transparency in what they do? Or the CEO who pretends they’re shocked that cyber security business cases don’t add up?
CISOs’ are now being held to account for a lack of performance when they can’t produce evidence that the money they spent made a difference. The responsible CISO recognises that protecting value needs to be financially prudent, to demonstrate it and to make it real every single day.
There’s no doubt that getting cyber security right is important to businesses and their customers, but when will cyber security stop being ideology-driven and start being fact-based?
As Warren Buffett said “Only when the tide goes out do you discover who's been swimming naked.”
Co-CEO & Growth at Exorde - Data - Billions of posts in real-time from every social and news platform in the world. Threat Intel - Defence - AI Training Data - Disinformation - Financial - Marketing - Politics - Events
7 年Some of it is.
OT Cybersecurity Leader | Solution Architect | AI Implementer | MBA, MCIIS, GICSP
7 年Presenting results in a less-than-meaningful way probably comprises a lot of this problem: Board reports containing lots of statistics about vulnerability counts, malware infections etc have no business context and don't answer the key question of "are we doing enough and spending enough to protect our revenue?" The other part of the problem is the tenacity to which many hold onto the belief that you can make security better by throwing more technology at it. A case of attempting to solve a problem that's not fully understood in the first place.