6 Takeaways from Raines’ Cybersecurity Leadership Webinar
Patrick Gray, Raines Managing Director, Head of Chief Security Officers Practice, and Co-Lead of the Aerospace, Defense, and Government Services Practice, and Melissa Oszustowicz, SVP and Head of Agribusiness, hosted a webinar on Oct. 14 about cybersecurity leadership. Patrick and Melissa were joined by cybersecurity expert Elad Yoran, executive chairman of Koolspan and CEO of Security Growth Partners.
The average data breach now costs U.S. companies $9 million and takes more than 9 months to uncover and contain. No industry is safe from these increasingly common attacks, yet many companies do not have the right leadership in place to prepare for, prevent, and respond to an attack. Below, see six takeaways from the 30-minute webinar on cybersecurity leadership. You can also watch the webinar recording at the bottom of the article.
- Organizations are getting better about prioritizing cybersecurity. Current trends show leaders prioritizing and planning for cyber needs. “Some industries are clearly more advanced and early adopters,” Elad said. “Having said that, the clear and unambiguous trend is taking cybersecurity more seriously for a variety of reasons: the frequency and severity of attacks, the direct financial impact as well as the operational consequences, ransomware obviously has tremendous implications beyond just the financial impact,” and government regulations including HIPAA. However, just following regulations isn’t enough. Governmental or legal cybersecurity regulations should be viewed “as a floor instead of a set of best practices,” Elad commented.
- Cyber expertise should count when evaluating boards of directors. Boards of directors are focusing more on cybersecurity and determining how to evaluate what qualifies someone to serve as an expert, Elad and Patrick noted. Elad suggested boards add a cybersecurity committee, “just as they have an audit committee or a compensation committee” to ensure the right questions are being asked across the organization.
- CISOs must be security experts and great managers. CISOs are well established in some industries, whereas others, like agriculture, don’t have a strong CISO presence. If an organization has or plans to appoint a Chief Information Security Officer (CISO) or another leader responsible for cybersecurity, that person must wear many hats. “CISOs have to understand the right questions to ask, but they equally have to have the managerial and interpersonal skills of a C-level executive because they have to manage up, they have to manage down, they have to manage laterally,” Elad noted. Depending on the organization, CISOs must work with other C-suite executives and the board, as well as within silos and departments, while managing laterally with IT and engineering.
“The communication element is so critical,” he added. “To be able to work with the head of IT or the head of Engineering or head of DevOps, wherever the issue lies — to report issues, to assign priorities, to make sure that things get remediated as they come up and so forth, those are skills you wouldn’t necessarily think are technical skills but are part and parcel of the CISO job.”
- Due diligence should include a cyber component. Private equity companies and other investors should take a pulse check on a company’s cybersecurity before investing. Advantages Elad flagged include: “You’ll learn about the risks and operational conditions of the company, where added spending may be required that’s going to affect your budget and your forecasts and so forth, and perhaps you learn a little bit about management — how they think and operate, if they are taking, in my opinion, what might be unwise shortcuts or perhaps the other way around — or far worse, that the company may have been compromised and IP has been stolen.”
- Cyber insurance is an area to watch. Melissa shared that several clients have raised questions about cyber insurance, but Patrick warned it can’t be an organization’s entire security strategy. It’s a dynamic area to watch as the field develops and requires organizations to qualify, Elad said. “The book hasn’t been written on this area just yet,” he said. “It’s an exciting story. I think it’s going to be an important part of the landscape for us in the future, but it’s still early days in the cyber insurance world.”
- Every industry needs cybersecurity. Historically, industries like manufacturing, agriculture, and energy may have felt protected against cybersecurity threats because of their types of work. But, as the recent major hacks of the JBS Pipeline and others have revealed, that is no longer the case. Organizations that feel confident in their cybersecurity program shouldn’t rest on their laurels, but instead constantly monitor and evaluate their processes and support leadership. Elad reminded, “Just because you were secure yesterday doesn’t mean you are secure today.”