One of the fastest ways for CISOs to rise is to prove that security teams can make money by protecting customers and strengthening their trust. An organization’s security posture is core to the customer experience it delivers. Protecting a customer’s identity and data could mean the difference between staying in business next year.
Forrester Research’s Security and Risk Forum 2022 session provided security and risk professionals with actionable advice and insights. It tasked them with controlling a cybersecurity initiative that was a core competency of their business.
Two presentations provided insight into how CISOs can deliver more value and advance their careers. One is “Cybersecurity Drives Revenue: How to Win Every Budget Battle,” by Forrester Vice President and Principal Analyst Jeff Pollard. The other is “Communicating Value: A CISO’s Business Acumen Primer” by Chris Gilchrist, who is also a Forrester Principal Analyst.
CISOs must flex to their growing influence
How trusted and proven a particular company’s security posture is will affect its revenue and deal pipeline. How close are businesses to achieving Zero Trust initiatives such as Multi-Factor Authentication (MFA), Identity Access Management (IAM) and Privileged Access Management (PAM)? , and what the premium will be.
Businesses should also ensure that their cyber insurance is in place before they qualify for any major sales opportunity or transaction and before they sign a purchase contract and issue their first purchase order. must be shown in “If something has as much to do with revenue as cybersecurity, it’s a core competency. said in a presentation about
CISOs need to flex with their growing influence and prove that they and their teams can contribute to the bottom line. A great way to do that is to focus your team on how cybersecurity investments protect and grow customer trust. “This means that instead of being buried as an operational item that is only managed and measured as a cost, security is now a driver of corporate strategy,” says Gilchrist.
“We have more and more CISOs joining the board. I think this is a great opportunity for everyone here [at Fal.Con] to understand what impact they can have on the company. From a career perspective, it’s great to be part of that boardroom and help them to keep their business resilient and secure.” He continues: “It should make your business more resilient and help protect the productivity gains of digital transformation.”
Cybersecurity is a cost of doing business, so the CISO role is now strategic and may turn into a board-level position. A CISO who can lead a team to profitability helps the board understand how technology reduces risk across the enterprise. “CISOs must continue to work on translating technology and technical risk into business risk, and be better able to deliver that risk story to the board, but on the other side of the aisle, the board is You need to be able to understand the impact of Proofpoint, says Lucia Milica, Global Resident CISO at Proofpoint.
A recent Proofpoint report, Cybersecurity: The 2022 Board Perspective, found that 73% of boards have at least one member with cybersecurity experience. Additionally, most board members (77%) believe cybersecurity is a top priority for the board itself. Thus, “the role of the CISO is evolving from being a technical specialist to a business executive who understands where business value is coming from and can articulate to the board how to protect it.” , Director of The Cybersecurity Studio, Abbott.
How CISOs Drive Revenue Growth
Some key areas CISOs and their teams need to focus on to drive revenue include reducing barriers to entry into new markets by meeting regulatory requirements and reducing compromise costs. Jeff Pollard’s presentation suggested a four-step approach to identifying the revenue impact of security spending.
- Identify security management requirements.
- Quantify overall current contract value and customer lifetime value.
- Link spend distributions for all controls that meet these requirements.
- Each of these items is then summed up separately as a reason for allocating security spending.
One of the main benefits of following this framework is the ability to quantify the value of reducing customer risk. Additionally, a CISO who attends board meetings with quantified risk assessments speaks the language of board members. This is a great career strategy for gaining recognition and promotion.
The goal of Forrester’s methodology is to determine how much a particular security investment will cost per customer and the revenue generated by a particular customer segment. Essentially, this methodology looks at the return on security investment while quantifying what goes wrong when your customer base is unprotected.
Knowing how many customers rely on your organization to protect their identities using privileged identity management (PIM), and the revenue those customers contribute, can help you understand what percentage of your security budget goes to PIM. It helps you decide what you need to spend. “We use Z. They are responsible for the revenue of Y. We can also aggregate the revenue it would cost if we removed that control … renew that control or renew the license. Or … if we didn’t have the budget to support it,” Pollard explained in his presentation.
For example, let’s say 330 customers require an enterprise-grade PIM to protect their identities and the annual cost is $250,000. The cost per customer is $757.58. The analysis then takes the total annual revenue of customers requiring PIM and divides it by the cost of implementing a PIM system to arrive at the cost per revenue of security coverage for the customer base. Therefore, Forrester’s analysis also has value for CISOs as it helps them quantify the risk to their bottom line from not properly protecting their customers.
CISOs can use this analysis to protect their budgets. To do that, ask if it’s worth risking millions of dollars in revenue by not spending $250,000. Extending this to all items in the budget gives the CISO greater bargaining power in negotiations with the CFO and board. It also provides a consolidated financial view of the cost of risk if budgets are cut.
And for CISOs interested in career advancement, quantifying risk is a current focus of the board.
CISOs need to be bold in delivering value
CISOs face many challenges, such as consolidating their tech stack, getting more done with less thanks to chronic security worker shortages, and ongoing budget pressures. Therefore, you need a methodology to stick to your budget. As security budgets shrink, so do careers across the department.
Showing how security drives revenue and knowing how to quantify risk are valuable skills for CISOs and their teams to develop. The board thinks and speaks in these terms. So a CISO who develops them as a skill set early on has the potential to advance their career and eventually get promoted and land a role on the board.