Chief Information Security Officers – also knowns as CISOs – are senior-level executives working at the intersection of IT and business. Often more active in the background than other executives, their roles have become increasingly important since the start of the pandemic. Johann Alessandroni, Head of Information Security Governance at Excellium Services and Vincent Laurens, CISO of Quintet Private Bank tell us more about their strategic role.
If a capital “C” features in your job title, you can safely assume that you are a pretty “important person”, at least in the context of your company. While envied by many lower ranked employees because of their high salaries, C-level executives also take on more responsibilities than the former. Due to a global increase in cybersecurity attacks in the past year, no C-level executive had to step up more than the CISO.
Like most C-level executives, CISOs are generally speaking very well educated and have at least a decade of experience in their field. Most importantly, their work revolves around making sure that all their company’s information assets and technologies are operating smoothly and are well protected against any IT related risks.
Until a few years ago it was still quite common for them to report to the company’s CIO. However, their increased responsibilities, which nowadays tend to include dealing with business risks and customer privacy, have changed their position on the company’s totem pole.
Covid-19’s strong influence on the digitalisation of business processes and the correlated increase in cybersecurity attacks only further highlighted their importance in the Digital Age. Previously still relatively unknown, Covid-19 gave CISOs the opportunity to showcase their skills and significance to the company.
“We were able to gain the confidence of the industry and demonstrate to the various C-level executives that we had the technical skills to prevent all kinds of threats and that there were only few operational processes to adapt to ensure resilience [against cyberattacks],” says Vincent Laurens.
A Personal Touch
Where CISOs were previously mostly concerned with IT related tasks, Covid-19 has shown how important the human element of their work is. Indeed, although the technological aspect of a CISO’s work remains crucial for the well-being of the business, changes in human behaviour are more important than technological reinforcements.
“We realised that it wasn’t necessary to have major technical changes to continue operations but that the [necessary] change was in the ability of people to adopt new ways of communicating or working,” says Johann Alessandroni. “Today he [the CISO] is expected to be able to vulgarise the problems for the general management and to be able to transform something that is extremely technical into something risk-oriented.”
The pandemic has put CISOs in the spotlight and given them the opportunity to step up to the plate. With global trends indicating no slowing down of digitalisation rates, CISOs will certainly continue to play a key role in the businesses of the future.