A people-first approach to security is critical for success, but it seems challenging and sometimes daunting.
By Karl Sharman, Vice-President, BeecherMadden as featured in the Cyber Defense Magazine.
Human error is the number one cause of breaches or incidents according to Willis Towers Watson (almost 2/3 of breaches). Some of these will be error, but some will be rogue employees or ex-employees. Our research at BeecherMadden found that, in 2019, 86% of cyber professionals were open to moving organizations. Losing security staff creates a business risk, as do disgruntled or disengaged employees. So how can you mitigate this key security risk?
A people-first approach to security is critical for success, but it seems challenging and sometimes daunting, especially when considered against the two statistics above. A potential solution is for the CISO to appoint a Chief of Staff. The Chief of Staff can focus on the people issues, without needing to have the technical expertise often found in cybersecurity teams.
Bringing in a solid Chief of Staff to remove some of the day-to-day grind could help CISOs focus on the higher-level parts of the job, maintain a more favorable work-life balance, and possibly extend the 18-24 months into more longevity and company loyalty.
This person can drive cyber awareness training, internal education, and hiring and retention strategies, and bridge the gap across many business units in complex environments. Although this comes at a cost to the business, hiring and education can be far more detrimental to the bottom line as well as damaging market reputation. Furthermore, their exposure to the team will provide insight into areas for development or preventable issues around staffing, risk or costs to the business.
When speaking about security staff departing, one of the most expensive of those is the CISO. Industry research suggests that the average CISO tenure is only a maximum of 48 months, with many packing their bags even sooner, according to CSO.
Salaries have grown significantly in the last year and there is more competition in the market to recruit talented individuals – companies have to create the right environment with a security-first approach to appeal to candidates on the market. The Chief of Staff position will provide this in abundance. Retention is a serious issue; Cyber Security Ventures have repeatedly pointed to the lack of candidates compared to the number of open vacancies in the next few years. This means that companies need to take more responsibility for taking care of their staff in such a demanding and ruthless market.
Education for the security team is another aspect that companies are overlooking. It is important not only for the individual, but also for the company itself. Continuous improvement is the only way to deal with the evolving threat both internally and externally. Cyber awareness is an added benefit to this, especially across the wider units of the business, as many companies lack understanding of security awareness among end-users, which can lead to more security vulnerabilities, according to (ISC)2.
Finally, the Chief of Staff can be a spokesperson for cybersecurity within the business, internally and externally, to further drive market reputation for candidates, customers and clients. They will be different to a Human Resources or PR specialist as they will be specialized and knowledgeable on the market and have deep insights to share at conferences, meetings and interviews.
The Chief of Staff is an important role within government and many firms have turned to this model to support staff better for the long-term future of the company. However, cybersecurity needs this more than ever to compete and stand out in a competitive marketplace.