Ensuring robust security with CISO and CPO synergy

Paola Zeni at RingCentral explores the security outlook for 2024

 

2023 has been a turbulent year and the outlook for 2024 isn’t showing signs of stabilisation. From fluctuating inflation to high interest rates and the cost-of-living crisis, businesses of all sizes have had to contend with all manner of economic concerns alongside skills shortages and supply chain delays. 

 

These challenges remain high on the C-suite agenda as well as the cyber-security landscape. In 2023, it’s been estimated that approximately 2.39 million cases of cyber-crimes affected UK businesses. With the escalation of cyber-threats in recent years, business leaders have started to grasp the importance of cyber-security.

 

However, many organisations still often view security as its own domain that operates outside the flow of business. This siloed thinking will have to shift if businesses want to stay ahead of threats. 

 

I believe part of the solution lies with the C-suite, specifically the CISO and CPO aligning on priorities and responsibilities across the organisation. This will ensure a robust security framework is in place to tackle any challenges that may arise this year. 

 

The role of the CISO and CPO

A Chief Information Security Officer (CISO) is responsible for establishing a security strategy and ensuring data assets across an organisation are protected. They are also responsible for devising the strategy that deals with ever-increasing regulatory complexity, creating the policies, security architecture, processes and systems that help reduce cyber-threats and keep data secure. 

 

A Chief Privacy Officer (CPO) is in charge of developing and implementing policies designed to protect employee and customer data from unauthorised access and to ensure that data is used in a legitimate and ethical way. This means incorporating privacy into any process that touches personal information,  by maintaining a comprehensive and current knowledge of both corporate operations and privacy laws, as well as educating  staff and informing customers.

 

While both roles share intersecting goals, the two often operate independently, thus overcomplicating cyber-security, creating   competition for attention and resources, and missing the opportunity to leverage synergies and alignment. As a result of the pandemic, constantly impacted by new technology, both roles have moved from being reactive to forward-thinking and strategic. Therefore, it is imperative that both work closely together to effectively meet the challenges of today.

 

Getting security and privacy teams aligned will be a critical part of maintaining robust security postures this year. This will allow a holistic approach to data protection and will enable businesses to turn privacy and security into a competitive advantage, instead of a source of friction.

 

How is AI impacting these roles?  

Both the CISO and CPO share the responsibility to closely monitor emerging regulations and understand how their organisation may need to adapt policies, processes and systems for compliance. 

 

Take Artificial Intelligence (AI) for example. The democratisation of AI has greatly increased businesses’ appetite for the technology, particularly to stay ahead of competitors, but also to improve processes. As more businesses look to leverage AI to support operations, the CISO and CPO are uniquely placed to spearhead organisational AI initiatives and lead companies to get the most effective use of AI.

 

However, only with increased collaboration can they do this while effectively mitigating risks and ensuring compliance with the evolving regulatory landscape. Their involvement in risk management and protection of data, as well as their position in a business means they have a broader oversight of how AI rollout could impact the business. 

 

Beyond the implementation of policies, CISOs and CPOs should also champion ongoing education on AI for responsible and effective implementation into operations. As AI will play a critical role in how security leaders respond to cyber-attacks, advocating for its usage in the business can positively contribute to the future of cyber-infrastructure.

 

While cyber-security infrastructure may look different depending on the sector your business serves, cross-functional collaboration will be crucial to ensure you are providing a robust and secure service for consumers.

 

By not collaborating in the C-suite, businesses could be putting themselves at risk and at disadvantage against competitors. In an ever-increasing, data-centric world, the CISO and CPO must work together, if they want to effectively navigate the data protection and compliance landscape of the future.

 

---

 

Paola Zeni is Chief Privacy Officer at RingCentral

 

Main image courtesy of iStockPhoto.com