Four Ways the CISO is Going to Have to Evolve in 2022
These changes bring significant business opportunities, but they also generate cyber security risks. There has been a 400% rise in cyber-attacks during this same period, and 95% of CISOs predict that the situation will get worse before it gets better.
Luckily, it isn’t all bad news on the job front. While a need for fast remote access has proven undeniably challenging, this shift has also brought with it some glass-half-full benefits, highlighting the importance of cyber security for both commercial outcomes and business-critical processes. By rethinking how the CISO operates, it’s possible to capitalise on (rather than crack in the face of) these changes.
Fundamentally, this year has painted a picture in which the CISO of the future needs to be a far more integrated part of business. By stepping up, CISOs can become indispensable in ways they haven’t been until now. Here, we’re going to explore that shift and consider how you can evolve to feel those benefits in 2022 and beyond.
Suggested reading: For practical guidance on how to be a more business-focused CISO, check out our free resource — The Board Presentation Toolkit: Cyber Security and Threat Management.
According to a recent GISS survey, just 36% of organisations previously onboarded CISOs at the planning phase of a new product or service. However, for the vast majority, security, and more specifically CISOs, have been an afterthought, making accountability a challenge to say the least.
This is an issue that the largely technical focus of the CISO has facilitated, but that’s changing. In fact, according to Gartner, CISOs stand to transform digital risk management “by proactively assessing risk appetite and the value of the desired business outcome.” In other words, CISOs need to start accounting for businesses on the whole rather than siloing their services, a point that’s only highlighted by the Gartner prediction that 30% of a CISO’s effectiveness will be directly measured on their ability to create business value by 2023.
In reality, this change is at the heart of everything the CISO needs to do in 2022. To a large extent, the solution revolves around how your business perceives cyber security, and how you relate to the business at large. It’s important to adopt a business-level mindset, and think strategically about how cyber security can deliver commercial benefits. Consider ways in which:
Fundamentally, cyber security has the potential to drive significant commercial outcomes by enabling your business to adopt innovative strategies without exposing yourself to risk. Cyber security leadership should be defined by your ability to communicate the value of effective cyber security investments. Adopting an outcome-orientated perspective is critical to gaining the necessary buy-in from your organisation, and that starts with changing your own mindset regarding the value of cyber.
Suggested reading: How to Effectively Explain the Value of Successful Cyber Security.
In the past, CISOs have worked closely with CEOs and board members, often solely focusing on security. This can lead to obvious disconnects between the assets you’re attempting to protect and the protections themselves, a disconnect which won’t serve any longer.
Of course, appealing to the people up top is still fundamental. But there is more than one way to gain the support you need. Namely, many CISOs are realising that alliances within otherwise unchecked areas will not only provide much-needed advocates, but will also help with the outcome-based focus discussed above. According to the same GISS study:
With that in mind, there really is no time like the present.
The idea of making friends across a business can seem like it will take you away from the day job, but making friends needn’t mean making compromises, especially if you work with strategic partners to take some of the load off/expand your knowledge store. When you tie the ally narrative into those more goal-focused priorities, a friend-focus can dramatically enhance rather than detract from overall security solutions.
Think about direct ways that cyber security will benefit your marketing, finance or legal teams, and explain to those business leaders how what you want to do will improve their goals as well. For example, security investments might be critical to a new customer data collection strategy, a remote working policy, or the creation of a customer-facing app. If done right, this can help orientate your entire business around cyber security, building more robust outcomes and gaining the support you need to drive effective investment and commercial growth.
Suggested reading: Five Cyber Security Questions Any CISO Should Be Able to Answer in 2021.
The two issues already discussed point to one thing — the need for CISOs to become agents of change, rather than tech-locked outsiders. There’s certainly no room left for security to be treated as a technology-only issue. By altering the language and perception surrounding what cyber security can do, CISOs are almost guaranteed to see the change that they want to be in the workforce.
At its heart, becoming an agent of change is about altering not only your priorities/methods but also the language used to describe them. Instead of focusing on tech-based info that nobody understands, an agent of change should adopt business-level and risk-based language that any board member can get behind. Consider questions like:
Pro tip: Our board presentation toolkit has some fantastic advice on how to do all of this, and frame cyber security investments in business-level language.
As well as increased risk, the majority of businesses are working with reduced budgets — likely part of what’s driving the increased measurement of CISO success based on creating business value. This leads to something of a predicament — CISOs need to do more than ever, yet it’s fundamental that they do so for less.
Driving efficiencies is one place where strategic partnerships can deliver a lot of value. With more advanced cyber threats on the horizon, developing sophisticated cyber security solutions requires increasingly niche and specific skill sets within your cyber team. The problem is that these skills aren’t needed all the time, and cyber security skills shortages make them hard to access at all.
Managed service providers can deliver access to skills on-demand, letting you only pay for the skills you need, when you need them. For example, detection and response units (which are an increasingly important capability to have) require far fewer personnel to monitor systems than to respond to an incident. A managed detection and response (MDR) service is more cost-effective than building and maintaining those capabilities in-house.
Fundamentally, 2022 requires flexible and effective cyber security solutions. As CISO, it’s your job to find creative ways to deliver results while ensuring that you are also creating effective business outcomes that drive the bottom line. Efficiency, itself, is a business outcome. But always look for ways to partner efficiency with broader change and capitalisation on commercial opportunities.
Changes are afoot for the CISO of the future, with forward-thinking, business focus, and enhanced collaboration all set to become musts rather than maybes.
Unfortunately, up to 51% of employers find it challenging to fill generalised security roles. No CISO is an island, and making sure that you have access to the right skills is critical to executing the types of solutions necessary to succeed. Again, managed service providers are an invaluable tool for accessing skills on demand.
Fundamentally, however, the central goal for 2022 should be an increased focus on the commercial benefits of cyber security. Luckily, making the connection between cyber security investment and business value isn’t hard — but it does need to be your focus. If the CISO doesn’t champion the value of cyber, it’s likely to remain in the shadows, only coming under scrutiny when something goes wrong. Outlining the commercial benefits of cyber investment is how you gain the support needed to build better and more effective solutions. It’s also how you transform yourself as CISO. Good luck, get planning, and have a cyber-safe 2022.