Chapter 3 - Structuring for the Digital Age

Summary

As digital transformation becomes a business necessity, cyber risks are mounting. Boards at leading organizations are responding by increasingly integrating cybersecurity as a strategic element in their business plans. A natural outcome of this broader understanding of cyber risk has been an evolution in corporate structure, sometimes generated by governmental regulatory oversight and sometimes by innovative business thinking. While the specific structures continue to evolve in ways unique to individual enterprise business plans, there are some themes that seem to be common. These themes include a flatter, less siloed approach, engaging a multi-stakeholder grouping in the discussions on cyber risk, and elevating the reporting structure for those responsible for managing cyber risk. Initial research suggests that such structures can both enhance the cyber risk management function and improve business efficiency.

Key Ideas
  • Traditional corporate structures for cybersecurity are inadequate to address modern cyber risk.

  • Research demonstrates that the management of the cybersecurity function will be more effective if it is integrated and encourages communication and flexibility on the issue throughout the enterprise.

  • Management of cyber risk is not solely the responsibility of the IT department within an organization; it should be managed across the enterprise.

  • Organizations need to find the right structure to address their cyber risks based on their size, priorities, and industry. There is no one-size-fits-all structure for the digital age.

  • Non-IT executives will play an important role in leading cybersecurity teams in new structures.


Larry Clinton, President and CEO, Internet Security Alliance

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy. He has briefed NATO, the OAS and G-20 and the US Congress. He has twice been named to the Corporate 100 list of the most influential individuals in corporate governance. He has written cybersecurity best practices books used in the US, Europe, Latin America and Asia.