How to Properly Support Your CISOs and IT Staff

What’s tech-savvy, focused and brings business success full circle? You guessed it— CISOs. CISOs and IT leaders are vital to the success of every organization. They’re the key orchestrators of an organization’s security performance and ensure that information assets and technologies are adequately protected. Let’s face it: that’s no easy feat.

Being a CISOs is not an easy job. To be successful in the role requires a lot of support from executive leadership and integration with the rest of the business. Unfortunately, too many companies fail to understand this and find themselves stuck in a revolving door of cyber security vacancies.

In fact, a study by Forbes and Fortinet revealed that 56% of CISOs say lack of support from senior management has a major impact on their cybersecurity programs, with 35% considering it their greatest constraint. Additionally, a Nominet study found that 88% of CISOs surveyed work more than the average 40 hour work week and 60% added that they rarely disconnect. While data breaches are outside of our control, there are other things that we can control— namely how we support our CISOs and IT staff.

The more support cybersecurity teams receive, the more productive, profitable and safer an organization will be in the long run. Here are three basic steps you can implement to build a foundation for properly supporting your CISOs and IT staff members:

1. Name the ROI: CISOs and IT staff members may not directly generate revenue, but they keep it in by preventing loss. To change this perception, make their worth known! Identify the value your CISO and IT team bring to your organization. When you place a value on what they’re protecting, it will be easier to illustrate their company worth to executive leadership.

• Communicate Support and Assurance: The turnover rate for CISOs is extremely high— we’re talking an average tenure of 18 to 24 months. As we’ve discussed, it’s not easy being a CISO. They’re under tremendous stress to protect your organization, and their extended work hours have been found to affect their at-home relationships. Maintain constant contact with your CISO and IT teams to establish a culture of security within your organization, and give them support to reduce the outside pressure they are already feeling.

Understand Your Organization’s Security Structure: Every organization is different and the security programs and tools you implement are a reflection of your specific needs. Stop investing in technology that sounds promising and take the time to collaborate with your CISO and IT leaders to develop a budget and cybersecurity plan that will conform to your company’s needs. Remember, your CISO is the face of security at your organization. All security initiatives will be seen as an extension of this person. If you give your CISO a platform and support from key players, you reduce the risk of your CISO failing and working in a silo.  

Carolina Advanced Digital offers a breadth of security solutions including products and services for security reviews, assessments, and pen testing, vCISO (virtual CISO services) plus SOC solutions around SIEM and UEBA. Contact us today to schedule a free call with a team member to discuss your needs.