What do CIOs want to know about their cybersecurity?

Uwe Michael MuellerBy Uwe Michael Mueller, EMEIA Performance Improvement Leader, EY.

If you and I were talking right now, face to face and in a room full of CIOs, we would have a lot to discuss about cybersecurity. In the spirit of information sharing and collaboration against a common enemy who threatens us all, we would tell each other what we were doing, the tools we have, the size of the team and the budget, and we would commiserate with those who, despite having done everything seemingly right, still suffered a significant attack that threw their organization into chaos.

What CIOs want to know about our cybersecurity is: “Is it working?”, “Am I doing the right things?”, ”Is there some back door I have left open that I don’t know about?”. Maybe your organization is one that recognizes that cybersecurity is not just the responsibility of the CIO or CISO any more — it’s a shared responsibility. The board needs to support your efforts, and the employees need to learn — and try their best — to stay out of trouble and not open that email, or lose that device. Does that make you feel more confident? With the organization fully behind you, are you feeling more hopeful?

Probably not, if you are honest. So what’s missing? If the devil is in the detail (or in your network), then maybe your concerns are very specific; so let’s break it down.

Firstly, are you concerned about how sharp your senses are? Can you see the cyber attacker as he starts to prowl around your perimeter? Would you know if someone was beginning to dig a tunnel or launch a rocket over your fences? Would you spot him if he got into a disguise and then hid in the shadows?

Secondly, what if the attack was from a new weapon? A new, more sophisticated weapon that you hadn’t experienced before. Would your defenses be able to resist something new and more powerful?

Thirdly, would your organization know how to react to an attack? Do you have a plan and do you know what role you would play in it? What would be the first thing you would do?

EY’s latest Global Information Security Survey will be published by the end of this month. From studying the results of that survey, from listening to our clients day to day, and from watching the cyber risk and threat landscape evolve, our cybersecurity practitioners hear these questions all the time. They understand how critical it is that IT and cybersecurity leaders have the answers and are confident they know what to do.

The survey results will indicate where organizations are today in the strength and maturity of their cybersecurity capabilities. Last year, the survey indicated there had been some improvements, with more still needed, so will this year demonstrate that cybersecurity is improved again and organizations are closer to defeating the enemy? I suspect, since we all live in the real world, there will be some good news and some not-so-good news. What organizations need though is some hope, and a reminder they are doing a good job. Maybe not perfect, but they have come a long way and, if the survey can give them some guidance about where to get to next, then that provides something to work on.

I’m expecting to learn a lot from this year’s results. I understand that 1735 CIOs, CISOs and other cybersecurity professionals took part. Now I don’t know about you, but I’ve never been in a room with that many professionals before, all talking and sharing (anonymously of course!) precise information about their experiences, capabilities and concerns. So if you want to hear what they have to say, look out for the report. We will post it here when it comes out. Then we should talk again and keep the conversations going. Like the room, we are all in it together, so let’s continue to help each other out.

One thought on “What do CIOs want to know about their cybersecurity?

  1. As a small business owner I was really worried about the cybersecurity. After all, I have a healthcare business in Virginia and keeping customers as well as company’s data confidential is the foremost thing. The recent attacks called WannaCry has given enough sign to be worry about. Plenty of attacks are being triggered by hackers and we being a normal business owner are not expert in all subject. We need some IT expert who can look this matter. Not just cybersecurity, I think CIO are the best person who not only gives IT Support but also helps in business growth. Thanks to the Introviz firm that offered CIO consulting services. They helped to implement such measures and rapidly reported all the cyber incidents after performing a terrific IT assessment which I wouldn’t have been able to explore on my own. I overlooked on things which their professionals handled in a subtle way. The IT strategy consultant worked closely with me and I must say his senses were very sharp which you also stated in this blog that it is a must for the consultant. He revealed how critical cybersecurity is. He implemented a systematic approach to assess and monitor the controls and the results were overwhelming. Finally, the solution he provided gave me complete peace of mind and now everything is proper. You are right that cybersecurity is an enemy and with the help of a CIO consultant you can defeat the enemy easily. I appreciate the information shared. Thanks.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s