Andrzej Kawalec, head of cybersecurity at Vodafone Business, was speaking at the Cybersecurity Leadership Summit in Berlin hosted by analysis company KuppingerCole on Wednesday, as part of a panel on the key attributes for the CISO of the future. He said building trust in digital systems, for staff and customers, was becoming such a big part of the job that it would soon be necessary to separate it from other IT security leadership responsibilities.
The emergence of the chief trust officer
In most organisations, CISOs focus on protecting staff and systems from potential attack, as well as controlling the damage during breaches. However, even in the midst of a large-scale cyber incident Kawalec believes security leaders are thinking about the impact
“The question we increasingly think about, even in the middle of an attack, is ‘what’s the impact on our stakeholders and shareholders?’,” he said. Numerous elements need to be considered during a cyber incident that lead back to trust, he continued. “What’s the impact on the systems? How are you managing communication? What is the trust that we hold in place for our business? How is that trust seen and felt by markets?” he asked.
High-profile cybersecurity incidents, such as the recent Optus breach, can have a big impact on businesses and the way they are perceived by customers, as well as the trust that staff have in using digital tools. Because of this, Kawalec says a new role may be required to manage these elements of cybersecurity and ensure that attacks do not have long-lasting negative implications.
“I wonder whether you could see, alongside the chief digital officer, a trust officer,” he said.
The growing importance of the CISO
Kawalec believes the importance of the CISO is gaining greater recognition at the C-suite level. “In three years, the role of the CISO will be mainstream,” he said. “They will sit and have much greater influence across the organisation.”
It is possible to see this growth happening even now, added Dr Marc Hofmann, CISO at Finnish bank Nordea. “The board is already trying to get confident on the topic of security, and I think that’s the point,” Dr Hofmann said. “I am talking to the board [at Nordea] on a monthly basis, just for security topics. I see this across all the larger organisations.”
The Covid-19 pandemic has helped escalate the importance of security to companies, added Kawalec. He said hybrid working and the challenges this presents have meant security has risen on the agenda for business leaders. “A huge advantage has come through Covid and the move to a much more open, yet controlled, hybrid model [of working],” he explained. “It’s been a real starting gun for how we develop [security] controls.”