5 Security Questions Boards Should Answer After COVID
As the world races to recovery, boards of directors of companies of all sizes try to determine the next step. And a growing part of this “next” is about security. As a result, many boards find that their relationship with cybersecurity has changed.
Today, I see basically two types of boards: those that adopt a defensive posture toward their security and those that, to borrow a sporting term, play offense. Defensive boards still view cybersecurity as a cost center and as a tactical element that concerns uptime and reliability. Offensive boards, on the other hand, see IT as a strategic element that will help transform their business. Offensively minded boards seek to transform IT from a cost function into a profit center. These progressive boards, which are becoming more and more common, are always looking for ways to increase revenue while reducing risk.
Where boards focused during the pandemic
During the pandemic, the role of IT was at the forefront for many boards of directors. After all, it was IT that made working from home possible and supported ongoing business operations in a socially distanced world. While working from home is not a new phenomenon, before the pandemic many CIOs lacked the mindset to get more than 90% of their workforce to log on from home. Out of necessity, senior management and boards of directors have realized that employees can, in fact, be productive when they work from home. Once remote work shifted from a possibility to a necessary reality, concerns in the early days of the pandemic turned to ensuring that employees log on securely. Boards and management were also looking to learn more about access models and whether it would be better to move all traffic to corporate data centers rather than using the cloud more often. Business resilience was the other issue that became a priority for boards of directors, and it remains of critical importance today.
In search of post-pandemic resilience and innovation
Progressive-minded boards now seek not only to be resilient, but also to change the way they operate and innovate. Many boards are thinking about what their organizations should be doing differently, and better, now, compared to what they were doing before 2020. Therefore, boards have asked their senior management what steps can be taken to ensure that when another unpredictable incident happens, the organization has the right scale, capacity and strategy to weather the storm and come out stronger.
The post-pandemic playbook for boards
There are five key questions boards will need to address, and ask leaders to answer, in the post-pandemic period:
- How does IT impact revenue? Boards of directors will ask IT leaders how the company’s technology strategy demonstrates an impact on revenue. To answer this question, IT will need to demonstrate a comprehensive digital transformation program that examines not only the technology but also the risks. When IT leadership presents to the board, there needs to be a full 360-degree picture of everything, rather than just a case for investing money in technology.
- Are you in control of the company’s business risks? The board will need to understand, not only from a technological perspective, but also from a people and process perspective, all of the various impacts that cyber breaches have on the business. They will need to know that the company’s cybersecurity branch has taken all necessary steps to mitigate or accept these risks.
- What are the company’s IT priorities? During the pandemic, priorities changed. For many companies, this meant that a large number of IT-related projects were put on hold. With the return to normalcy and the return of more and more people to the office, the board needs to understand what the company’s main IT priorities are and what impact these projects have on security.
- What is the path of innovation for the company? Boards, by their very nature, are really concerned about the future. They want to know that their business is innovating and that transformation programs are in place to drive new growth. As the company seeks to digitize and make a secure transition to the cloud for application development, storage and compute resources, the board understands that there can be no digital transformation without cybersecurity.
- How is the IT organization improving? The board wants to know how the CIO and CIO, and their IT teams, are continually improving in terms of skills and capabilities. This includes the ongoing challenge of managing talent and attracting the right skills into the organization, as well as ensuring that existing staff also have training and education programs. The board should also understand what the career development plans of the IT leadership are. Basically, the board wants to know if and how the IT organization is developing new skills to respond to all the innovations that the business needs.
The pandemic period has taught organizations what it takes to be resilient. The post-pandemic period will be when businesses move beyond mere resilience to focus on the elements that lead to positive outcomes and innovation as the global economy recovers, and from now on, risk management will be an essential element.
For more expert advice and information on the issues shaping cybersecurity today, visit Palo Alto Networks CXO Perspectives.
Copyright © 2021 IDG Communications, Inc.