Chapter 3 – Structuring for the Digital Age – Cybersecurity For Business

CYBERSECURITY FOR BUSINESS

Chapter 3 - Structuring for the Digital Age

summary

As digital transformation becomes a business necessity cyber risks are mounting. Boards at leading organizations are responding by increasingly integrating cybersecurity as a strategic element in their business plans. A natural outcome of this broader understanding of cyber risk has been an evolution in corporate structure sometimes generated by governmental regulatory oversights and sometimes by innovative business thinking. While the specific structures continue to evolve in ways unique to individual enter-prise business plans there are some themes that seem to be common. These themes include a flatter, less siloed approach engaging a multi-stakeholder grouping into the discussions on cyber risk, elevating the reporting structure for these responsible for managing cyber risk. Initial research suggests that such structures can both enhance the cyber risk management function and improve business efficiency.

Key Ideas

Traditional corporate structures for cybersecurity are inadequate to address modern cyber risk.
Research demonstrates that the management of the cybersecurity function will be more effective if it is integrated and encourages communication and flexibility on the issue throughout the enterprise.
Management of cyber risk is not solely the responsibility of the IT department within an organization, it should be managed across the enterprise.
Organizations need to find the right structure to address their cyber risks based on their size, priorities, and industry. There is no one-size-fits-all structure for the digital age.
Non-IT executives will play an important role in leading cybersecurity teams in new structures.