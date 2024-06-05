BY Fast Company Executive Board4 minute read

What comes to mind when you think of a CISO’s role?

If it’s “technical matters,” it’s an understandable response. Traditionally, explains Rupal Hollenbeck, the president of Check Point, the CISO role—and other cybersecurity roles—were mainly technical jobs. “If a CISO were securing an environment, securing technology, making sure that the technology installed in the organization wasn’t going to get hacked or breached, then they were doing their job as a CISO,” Hollenbeck says. But now, that’s changing.

THE EVOLUTION OF THE CISO ROLE Hollenbeck explains that in recent years, the threat landscape has “expanded exponentially.” And a cyber breach can become breaking news—she points out that these days, cyber breaches often make it to the front page of major publications, creating a cascading series of consequences that can jeopardize companies’ standing in the market. “Cyber isn’t buried in organizations anymore,” Hollenbeck says. “We read about breaches in the news because they’re no longer technical discussions. They’re no longer purely operational discussions.”

With cybersecurity increasingly in the spotlight, Hollenbeck explains, the CISO role is evolving. According to a November 2023 survey conducted by IDC and sponsored by Check Point, business leaders now view a CISO’s duties as encompassing more than just security. For instance, 33% of CISOs indicated that in the upcoming 12 to 24 months, they see their roles expanding to be business leaders in trust—such as security, risk, and compliance. Additionally, 10% of respondents said leadership and team-building skills are some of the most vital for CISOs to have, and 8% said the same for business management skills. “We used to talk about cybersecurity as securing technology, and the reality is that cybersecurity is about securing organizational and business outcomes,” Hollenbeck explains. “Cybersecurity is a C-suite discussion; it’s a board-level discussion. Today’s CISO has to balance the strategic business needs of an organization with the technical needs.” COLLABORATION BETWEEN CISOS, CIOS, AND CEOS IS KEY

Hollenbeck emphasizes that cybersecurity isn’t just about blocking and preventing nefarious actors. It’s about creating a strategic business roadmap as much as it is about providing safety. “It’s an enabler,” she says. “When organizations look at cybersecurity as an enabler to run and grow a business faster, they’re able to implement cybersecurity in the right way.” For companies to navigate the new cyber threat landscape and treat cybersecurity as an engine for business growth, CEOs and CIOs need to think differently about cybersecurity and collaborate with CISOs, Hollenbeck explains.

“Today’s CISO’s job is about balance, and today’s CEO needs to be really homed in on cyber risks,” she says. “In fact, the survey found that 99% of CEOs either lead or back digital initiatives. The organizations that will be successful and safe in the future are those that weave cybersecurity into their fabric. A decade ago, I was running around the world saying that all companies are technology companies. Now more than ever, no matter what your company is doing, your company is fundamentally a technology company, and you need to center cybersecurity in your strategy.” As for CIOs, the survey revealed that CIOs and CISOs often have clashing priorities, which can lead to tension. Hollenbeck explains that CIOs and CISOs must be on the same page because it enables companies to grow in the safest, most secure manner. “CIOs, CEOs, and everyone else in the C-suite should be intimately familiar with the role of the CISO,” Hollenbeck says. “That way, they’ll develop an understanding of how the CISO can drive business outcomes.

Early communication between everyone in the C-suite is critical, she adds—the C-suite needs to bring in the CISO as a partner as they work through business decisions. “The CISO can outline risks, and when the rest of the C-suite is risk aware, that’s when the safest outcomes result,” Hollenbeck says. “By bringing the CISO into business conversations early, cybersecurity becomes a much more seamless journey. Everyone knows the CISO’s KPIs, and vice versa. The C-suite gets to focus on business outcomes, and the CISO informs and gets informed every step of the way, so they can support those business outcomes.” Hollenbeck stresses that if the rest of the C-suite puts the CISO “in a corner” they might ultimately deploy programs that put the company at risk. But simultaneously, she says, boundaries are important—the C-suite should be cognizant of not getting in the CISO’s way.

CONSOLIDATION AND AI MUST GO HAND-IN-HAND WITH COLLABORATION While collaboration between CISOs and the other members of the C-suite is crucial, Hollenbeck notes that collaboration alone will not help companies safely and securely move into the future. Collaboration needs to be coupled with cybersecurity consolidation. “Consolidation will help company leaders rationalize the different solutions they want to implement in their environment, Hollenbeck says. “Consolidated technology and cybersecurity solutions will strengthen security posture and create unified management—there will be a single pane of glass, one dashboard that gives everyone a 360-degree view into that area of the business.”

Consolidation, she adds, helps streamline operations and digital transformation initiatives. Additionally, by using AI, they can become more efficient and fully unlock the power of consolidation. “AI is really critical in the development of cybersecurity solutions,” Hollenbeck says. “Companies can use AI to cover skills gaps in their workforce. For instance, we recently launched a product called Infinity AI Copilot. Instead of a network administrator spending hours going through hundreds of pages of logs, they can leverage AI Copilot to swiftly analyze the data set, arrive at conclusions, and guide them to the right decision, all in minutes.” Hollenbeck urges CISOs and their peers in the C-suite to find ways to incorporate AI into their cybersecurity initiatives. Ultimately, she says, when CISOs and other C-suite leaders collaborate, consolidate, and bring the right technology into the picture, that’s when their companies will truly be cyber ready.