Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
How to be a cyber champion
1. Give CISOs a seat at the top table
2. Be threat-centric and business aligned
3. Get the most out of secure cloud
Give CISOs a seat at the top table
CISOs must move away from security-focused silos and collaborate with the right executives in the organization to understand business risks and priorities. By drawing on the experience and insights of the wider leadership team, CISOs can gain a broader perspective that serves the whole business well.
We found that Cyber Champions set themselves apart in terms of their reporting structures. Around 70% of the group report to the CEO and Board and they demonstrate a far closer relationship with the CFO—reporting is 7X higher than the other groups. And Cyber Champions tap into these relationships when it comes to defining the strategy. They consult most with CEOs (51%) and CFOs (49%) when developing their organization’s cybersecurity strategy—almost twice as much as the Business Blockers.
When it comes to budget authorization, only 19% of Cyber Champions have their budgets authorized by the CEO or Board, compared to 23% for Business Blockers and 39% for Cyber Risk Takers. This suggests that Cyber Champions have more autonomy when it comes to the purse strings and are less reliant on the CEO and Board for approval.
“The business is heavily aligned with the CISO: The reason is very simple. Cyber is one of the top three priorities communicated by our chairperson and by top management... but if you don’t have the okay from cyber, the product simply doesn’t move on.” CISO, Regional US Bank
Be threat-centric and business aligned
CISOs only have to reflect on the 160% year-on-year increase in ransomware events in 2020 to recognize that cyber attacks are prompting a “prevention is better than cure” approach. Given remediation can be 30X the cost of prevention, once a ransomware attack happens, one of the biggest challenges when it takes down an enterprise environment is understanding priorities. What is the most important system to recover in your network? What does your revenue rely on? What’s most critical to your operations?
Keeping attackers out of your environment depends on security leaders closely aligning with the business as partners in driving down risk. This alignment helps to embed security into the business priorities. Cyber Champions understand the importance of balancing security and the business—they measure and monitor often to continuously improve their security function and enable the business to manage risk.
We found nearly 90% of Cyber Champions measure the maturity of their cybersecurity program at least annually or more frequently, 18% more than the Business Blockers (Figure 13). This indicates that Cyber Champions clearly understand the risks while Business Blockers may be blind to them. By measuring and monitoring their risk profiles and making that data available to leadership, CISOs can better align with the business.
“We track data in four areas: cybersecurity effectiveness, the company’s cyber culture, cybersecurity readiness and cybersecurity resilience. We monitor how well we align our plans with core processes and what’s going on in the business.” CISO, Large Mining Company
Get the most out of secure cloud
Security should be embedded consistently in the cloud. Too often, it is added at the end of the cloud-first journey and can delay business outcomes—or result in having to do the costly work all over again. Cloud security can enable better business outcomes by being fast, frictionless, scalable, proactive and cost effective. With an accelerated shift toward using the cloud, it is important to drive full value from it. When moving to the cloud, organizations should seize the opportunity to reset their security posture, earlier and more effectively—like our Cyber Champions do.
Most Cyber Champions (83%) say that security is a major consideration when moving operations to the cloud versus 70% of the overall sample. Cyber Champions are better at baking security into their cloud initiatives—they don’t see security involvement as a significant barrier to cloud discussions. Cyber Champions know what to do; they work in close alignment with the business to migrate to the cloud more securely.