That high-level strategic insight also is critical when the enterprise is moving to enter new markets, or using new technology. This could include new lines of business, entering into new geographies, or such things as the increased use of mobile, extending its IT out to the IoT, and expanding the use of cloud to more critical data and business processes. When engaging in such initiatives, boards are going to need to understand the data security, data privacy, and regulatory implications of these moves. Likewise, CSOs and security managers will need to know how to implement security controls to meet that level of risk acceptance.
In the years ahead, this may be more crucial than ever because enterprises are expected to increase their investment in mobile and wearable technologies and apps, hybrid cloud architectures, the Internet of Things, and become even more global in the number of markets where they compete.
It’s essential that boards and top executives be involved in these discussions and know how their organization’s cybersecurity efforts are impacted by these efforts – and the importance of these discussions can’t be overstated. “It is actually understated because most boards misunderstand security and therefore are misaligned with how security is implemented within an organization,” says Cole. “If after a breach the board fires the CISO or whoever was responsible for security, it is really saying that they were not involved in security.”