Why security is moving from the IT department to the boardroom

By Chad Walter, VP of Sales and Marketing, IGI

Cybersecurity experts are constantly looking to the future to predict trends in the industry and anticipate new technologies. We are all hearing the buzz around how technology at the IT level is the answer, which has spawned the chatter around Artificial Intelligence, Machine Learning, and Unified Threat Management—but the most prominent trends for the year ahead might be simpler than that.

The most prominent change in the cybersecurity landscape is that it’s become part of the core fabric of businesses, moving the security discussion from the IT department to the boardroom. It’s no longer sequestered to the back burner of IT admins, and no longer just the responsibility of the security and compliance officer who is nothing more than a scapegoat or compliance checkbox. More and more, cybersecurity consultants are speaking directly to the strategic decision-makers such as the CEO, President, or even the Board of Directors, and the CISO (Chief Information Security Officer) has joined the business strategy team as an influential stakeholder.

In fact, IGI has recently been involved in several cybersecurity engagements where our client’s sales function was the driving factor for the cybersecurity services decision. Many of our clients found themselves having to prove their cybersecurity posture in order to land multi-million-dollar contracts. In other cases, merger and acquisition activity was driving the cybersecurity conversation. These are just two examples of when the cybersecurity decision wasn’t about technology or some compliance requirement but rather was driven by core business success, or for that matter potentially losing key clients.

Another example of this trend is when IGI was introduced to a manufacturer who, for all practical purposes, didn’t have serious compliance requirements or mandates and their exposure to risk was very minimal. They have 2000+/- employees (Yes, they need to protect employee data, but companies have historically ignored this critical piece), there are no proprietary technology secrets to protect, and they don’t take credit cards. They do produce a product we all rely on, but it’s not at all critical. When asked, “Why do you invest in cybersecurity?”, the answer perfectly reflected the shift in mindset that we’re seeing.

“We invest in cybersecurity because we have a responsibility to our employees.”

The customer went on to say that they treat their cybersecurity investment as a benefit to employees. For example, when they conduct security awareness training programs, they are investing in education for their employees, which also includes life skills that they can use both at work and at home. This may be a unique approach, but it’s slowly becoming more prominent among companies of all sizes and in a variety of industries. It’s not just about checking a box or meeting an IT requirement, more and more cybersecurity is instrumental in the overall success of a company.

We know that cybersecurity is harder today than it was a decade ago. It may not take a village, but it does take a very specialized team to manage cybersecurity successfully. There are no silver bullets and there is no one “super-person” you can hire to completely manage every aspect of your security posture. Expecting any one person to handle all your cybersecurity requirements is like drafting a quarterback to win the championship by themselves. Like football, cybersecurity takes an entire purpose-built team. IGI takes on that quarterback role, calling plays and driving down the field, but is backed by an entire team to do the heavy lifting.

Despite advancements in cybersecurity technology, (and in some cases, because of cybersecurity technology) cybersecurity continues to grow in complexity. This challenge coupled with the massive cybersecurity talent shortage means that even when companies can find the talent, they can’t afford it,  they may not require the talent full-time, or they can’t find enough resources to meet the needs of the organization.

Building on what we experienced throughout 2019, companies will continue to look externally for the true cybersecurity focus that they require in 2020. Companies will seek partners like IGI to address key pain points and anticipate the needs of their organization. Our core services include Virtual CISO, Managed Detection & Response (MDR), Penetration Testing, Incident Response, and Vulnerability Management—and can all be part of a strategic, managed program that aligns with your business strategy.

Your Cybersecurity Team must understand both the cybersecurity landscape, as well as your business initiatives and strategy to fully manage and protect your infrastructure.

Learn more about how IGI’s purpose-built team can help your organization at https://www.igius.com.

About the Author

Chad Walter is the VP of Sales & Marketing at IGI cybersecurity. Chad has spent 14 years in various roles in the cybersecurity industry and currently leads the sales and marketing teams at IGI. Chad can be reached online at cwalter@igius.com on LinkedIn at Chad Walter and at our company website at https://www.igius.com.