Why large organizations still struggle with decade-old security problems – and how to fix them
The last 12 months have been dominated by GDPR and non-stop data breaches: Facebook, British Airways, Marriott … have all been in the news. It is still unknown how the privacy regulators will rule on those cases, whether fines will be set and at which level, and how they will be challenged. It is inconceivable that the regulators would not take such opportunities to set examples.
Across all industries, the penny is dropping with many Board members; cybersecurity has become a key topic. “Are we spending enough on cyber?” is becoming a recurring question.
All this is putting tremendous pressure on CISOs and CIOs, who now face a mountain to climb to bring their organisation up to sufficient cybersecurity maturity levels, following decades of adverse prioritisation – often by the same business executives who are now giving them millions to “sort it out” …
The challenge is not purely technical in nature: knowing what to do is often the easiest part. Best practices have been well established for the best part of the last 15 years and still protect (for example around identity and access management or patch deployment).
The true challenge is an execution challenge, and that’s rooted in governance, culture and the management experience of the change agent – the CISO in most cases.
Over the past 3 years, those are the themes I have been exploring on the Corix Partners blog.
All my articles on the topic – grouped by themes – are now available here in hardback format for the second year running.
I trust many of you will find it thought-provoking and that it may help some move forward.
And I would like to take this opportunity once again to thank all of you – clients, partners, friends – who are at the heart of this body of work.
Wishing you all the best – with some anticipation – for Christmas and the festive season.
Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation & Governance challenges.