In today’s data-driven business world the Chief Information Security Officer (CISO) is no longer “the sole authority” when it comes to cyber risk management within a company.
The CISO’s role has evolved dramatically over the past decade. In the past, the CISO was often a technology-focused employee working in isolation from the organization in a data center. Cyber security was seen as a pure operational technology issue.
Evolving cyber risks and data application have forced enterprises to consider cyber security as more of a strategic technology issue and business-wide problem rather than simply an operational issue. Insurance Business caught up with Matt Palmer, CISO at Willis Towers Watson, to find out more about the ever-evolving role.
“Cyber security is a business issue and a risk issue, as opposed to purely a technology issue,” said Palmer. “There’s a lot of discussion around people being the first line of cyber defense and the first line of failure. The reality is, a company is not made of wires; it’s made of people who service customers. Therefore, cyber security needs to manage the people risk effectively as well as managing…
