How business leaders can help drive good information security

April 13, 2021

As this is our first blog entry, we wanted to write about a topic that aligns with our overarching approach to helping companies at every stage in their Information and Cyber Security journey. What better place to start than taking a view from the top?

Business leaders have a vital role to play in impacting the organisation’s security programme. We’ve outlined below some practical pointers that can help drive a good Information and Cyber Security culture across your company or organisation.

Create an effective route to the top

This doesn’t necessarily mean that the CISO (Chief Information Security Officer) has to sit on the board, nor does it mean that the CEO needs to have a second career as an information security consultant; but Information and Cyber Security should be strongly represented as part of ongoing corporate strategy and governance.

If you’re leading a small business, you might look at having a dotted line straight to the CEO who meets with the security leader regularly, perhaps monthly. This leader can be either internal or external and should drive the agenda for these meetings; all you need to do is listen.

If there’s already an obvious reporting line, ensure that all staff in that line are appropriately trained in information security (and risk) management.

Remove conflicts of interest

Information security is everyone’s responsibility, but so often, it’s laid at the IT team’s door. Even if you focus solely on cyber security (the technical subsection of information security), it’s still unfair to put this on IT as they will always be subject to a conflict of interest where “Getting things working” often trumps “making things secure”.

You can help by taking away this conflict. Help them build a relationship with a capable and supportive security professional whose role is to properly communicate and orchestrate the management of, Information and Cyber Security risk within your business.

Along with this separation of roles and responsibilities, help your security leader create and – more importantly – ring-fence an Information and Cyber Security budget. This will have a huge impact on their ability to be proactive in supporting your business and its goals.

Be supportive

Those responsible for security within your organisation should be communicating regularly within your business; namely with end-users, IT managers, and owners of information assets and systems. Some of these communications will be challenging.

It’s at these times that your security leader or team needs the right level of engagement from you. In many businesses, we’ve seen exactly the opposite happen. As soon as conflict arises, senior management bows to the pressures of the business and completely undermines what the security leader is trying to achieve. Try to avoid this; this doesn’t necessarily mean an “at all costs” endorsement every time a challenging situation arises, but if your business knows that as a business leader, the security team “has your ear”, then over time, this will help to oil the wheels of the Information and Cyber Security wagon.

This should be a win-win for you, as any good information security leader will have aligned their work with the organisation’s goals, and as a major stakeholder, will have consulted you in doing so. All you need to do is reinforce that position.

Welcome challenges

Whether you’re CEO or part of the reporting line responsible for Information and Cyber Security, always welcome bad news. All too often, we see situations where someone genuinely believes it is more appropriate to mask a situation than to escalate it or discuss it openly.

Being a supportive leader for your security team is an absolute must. It’s the only way to drive the right security culture and the only way to get the right results in a discipline where poor leadership can cripple your business.

Summary

Leadership plays a critical part in the management of Information and Cyber Security risk, and every leader in the business needs to play their part. If you’ve found this article helpful or if there’s anything you would like to discuss, then please get in touch via direct message or our website at www.cyberlens.com/contact .

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
_zcsr_tmp	session	This cookie is necessary for the login function of our website.
elementor	never	This cookie is used by the website's CMS. It allows the website owner to implement or change the website's content in real-time.
isiframeenabled	1 day	This cookie is set when the Live Chat feature of our website is disabled for any reason.
LS_CSRF_TOKEN	session	This cookie is set by the provider Cloudflare. This cookie is used for the purpose of website security that is Cross-Site-Request forgery prevention. It is used to identify the trusted web traffic.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
b3e783bb62	session	This cookie is set by our marketing partner. This cookie is used for collecting information on visitor interaction with any marketing campaign content we create on our site. This cookie helps us promote services using our CRM based campaign management platform.
cyberlens-_zldp	1 year	This cookie identifies the unique visitors to our website
cyberlens-_zldt	1 day	This cookie identifies unique visits for a visitor to our website.

Strategy

Management

Transformation

Compliance

How business leaders can help drive good information security

Contact Info

Useful Links

Download App

Contact