The need to operationalise cybersecurity

The Board will demand more of cybersecurity leaders

Over the past year, the number of critical, widespread vulnerabilities organisations have to deal with have significantly increased. These “mega” vulnerabilities have gone from occurring once a quarter to now being practically a weekly occurrence. On top of this, there is a lack of communication between CISOs and other board members when it comes to cybersecurity, which means that long-term security issues are not being addressed and businesses are not seeing the full benefits from their cybersecurity stack.

Therefore, in 2023, businesses will start to operationalise their cybersecurity by making sure their strategies and solutions work towards a company’s aims and operations in order to demonstrate ROI. All senior-decision makers must understand that cybersecurity is an issue which affects all aspects of a business.

To do this, CISOs need to ensure that technical data and language is translated and reported through measurable KPIs to show security effectiveness, and that it is presented in a way that can be understood by all board members. Board members will expect CISOs to properly communicate and measure cybersecurity to identify which areas are most at risk from inevitable breaches, as well as ensure money is being spent effectively and prevent it being wasted.

Cybersecurity issues will continue to impact all areas of the business, driving the need for operationalisation

The cybersecurity industry continues to have an issue in attracting talent. In 2023, it will need to become more accepting and approachable in order to allow a more diverse range of enthusiastic individuals to come into the sector.

This acceptance that more people need to come into the industry without judgement on specific qualifications will cause an influx of talent which can assist the need to align cybersecurity with business operations and strategies.

Cybersecurity issues will continue to impact all areas of a business; therefore, organisations need a diverse range of voices to build resilience     . Security teams, and the entire business itself, need people with different ways of thinking – ranging from the analytical side to the more open and abstract.

Through the acceptance of a larger range of talented individuals, the issues of shortages within the sector will be quickly addressed. An influx of more cybersecurity focused people within businesses will result in companies beginning to understand the need to invest in longer-term, targeted structures rather than treating cybersecurity issues and breaches in an impulsive manner.