What Your CISO Wants You to Know
Toffler Associates recently interviewed several CISOs from different industries to get a sense of their challenges related to securing enterprise networks, keeping pace with evolving threats, and delivering organizational value. Although these CISOs represent a wide range of industry sectors – energy, finance, entertainment, technology – they shared common concerns related to workforce vulnerabilities and their value proposition to the organization. We share their words and our takeaways.
Takeaway 1: Prioritize a Security Culture
The CISOs we talked to find themselves at a disadvantage in improving workforce security behaviors. Despite working with HR to prioritize better security hygiene or participating in candidate screening, in all cases, the CISOs say their organizations do not put enough emphasis on addressing their biggest enterprise vulnerability: the workforce.
Takeaway 2: Move Security to the Left Side of the Balance Sheet
With the average cost of a data breach surpassing $9M in recent years, the corporate value at risk from an attack shows that cybersecurity is not simply an operating cost but an activity that contributes to revenue generation and, ultimately, AEBITDA. The CISOs and Toffler Associates agree: when security staff participate in business conversations, the CISO moves out of the role of responder. Leadership can then incorporate risk and security concerns into investment decisions ahead of a news cycle, resulting in a more secure – and likely more profitable – enterprise.