Metrics That Matter
The CISO’s Guide to Assessing, Prioritizing and Justifying Cybersecurity Budgets That Make Business Sense
To understand just how much the role of the CISO has evolved in recent years, consider the account of one executive at a recent Proofpoint roundtable.
“When I started in the industry, the role of the CISO tended to be the role of a scapegoat,” he recalled. Executive leadership needed someone to blame if things went wrong. But often, they prioritized umbrella insurance policies over investments in security teams and solutions. In other words, he said, CISOs were technologists with limited resources.
But the tide is turning. Threats have grown more complex and can affect more than just a few limited systems within a business. And when cyber attacks grow into full-scale data breaches, they can quickly tarnish or destroy a brand.
This has changed the way that executive leadership views investments in cybersecurity—and the role of the CISO. Boards are paying a lot more attention to what CISOs are doing. And, reflecting the “chief” in their title, CISOs are deeply involved in the overall business strategy. More and more, they help to shape digital transformation in a way that manages risk, optimizes business processes and reduces avoidable losses.