Why do the CFO (Chief Financial Officer), COO (Chief Operating Officer), CIO (Chief Information Officer), and CRO (Chief Risk Officer) need to report to the CISO (Chief Information Security Officer), not the other way around?
“CEO: People, are we ready for the launch?”
“CRO: Absolutely, we should see a bump of 35% in sales in the first quarter.”
“CFO: If we hold the 55% margin, our projections will be in line.”
“CIO: All systems are up and ready. We were over budget. However, it was unavoidable.”
“CEO: Anything else?”
“CISO: We will most likely experience several cyber attacks within minutes after the product launch.”
“CEO: What??? Are you kidding me? I approved your budget personally. Now you are telling us we will be hacked?”
Every element of the dialog above speaks to the criticality of cybersecurity. A company’s decision to enter a new marketplace or develop a new product should revolve around whether the new business venture will survive ongoing cyber-attacks. This threat vector can and will do more harm than any business competitor in the market.
While this may seem far-fetched, many of us could contest the authenticity of the dialog. In my…