According to the panel of 162 CIOs, CISOs, CSOs and CTOs of Top companies in Italy respondents to the survey for the NEXTVALUE Insight “Cybersecurity in Italia. What’s next”, the CIO or IT Director is the Cybersecurity Responsible for the 89%, of which 53% states to report to the General Manager. A key figure like the Chief Information Security Officer is present in the 58% of the panel’s companies. The “I” of Information emphasizes the fact that the CISO is strongly linked to the IT area, where the CIO is the owner of the Cybersecurity and the CISO, with dedicated and specialist skills, is the implementer and coordinator of dedicated technology and policy.
Steve Katz, the first person to fill the role of Chief Information Security Officer in the 1985, when the banking group Citigroup suffered a cyber theft from 6 million pounds, often says: “my philosophy on information security is the same now as it was then. It’s not a technology issue, it’s a business issue”.
A lot of things has been changed since 1985 until today: the Cyber Risk has become increasingly important, and a figure with a computer technician training elevated to the role of Security Responsible is destined to disappear from the job’s world. The new CISO may be a youth resource with technical and business skills, also with a history in the world of consulting.
In a short time, these new figures will have an increasingly important role in the organization chart. The business architecture must incorporate the security architecture for a business oriented vision. The skills required will be architecture, regulatory and business. So, next to the Chief Information Officer, there will be an interdisciplinary figure that will handle both security and architectures, but also that will promote the use of technology designed by the CIO itself.
That’s not all, those working in the world of Digital Business -including eCommerce- must be very familiar with its customer base to be able to speak the language of Board members; products, workflow and business dynamics, not only technologies and standards. Obviously, the industry sector will influence the role of Security Responsible.
The new CISO will have: “behind rules and regulations, under foot technology and architectures, across the Business”.
To date, the market has not yet understood the need of this new figure, who must rework consultant and technical skills.
Free download of the Insight “Cybersecurity in Italia. What’s next” (only in Italian language).