For years the evolving role of chief information security officers has increasingly required them to think more like a chief risk or strategy officer and anticipate cyber threats before they happen. Now a perfect storm is brewing that may finally push risk management and strategy roles to the forefront of cybersecurity.
The White House administration’s focus on cybersecurity, new proposed NIST standards and the industry’s waning confidence in its ability to predict cyber attacks are conspiring to push the change.
“At the end of the day, security is going to have to be run by a different CSO - the chief strategy officer, or some would combine that with the chief risk officer,” says Arvind Parthasarathi, CEO of Cyence, which has built an economic risk model for cybersecurity based on probabilities and dollars. “Defense is exactly at the core of the CISO, but the offense, the motivation of why somebody would want to hit you, is often driven by the strategy of the business and what they’re trying to do.”