Chief information security officers (CISOs) are becoming the most senior executive leaders responsible for trust inside an enterprise.
This makes sense, considering trust is the upleveling of the security conversation and runs in parallel with the reputation of the business. When other companies and customers trust your organization, it strengthens customer loyalty and the overall success of the business.
In my recent ISACA Conference North America session, “The CISO’s Role in Driving Trust,” I explored how CISOs can drive trust by partnering with internal and external providers, such as third-party vendors and government institutions. This includes reviewing vendors for more than security (also including privacy, ethics and ESG), performing integrated assessments and supplier due diligence, and prioritizing trust-focused collaboration.
For many traits and characteristics that contribute to trust, there are related security considerations and questions with which CISOs must grapple. These include skillfulness (are the collective skills and knowledge of your team sufficient, and if not, what are you doing to address this?), being caring (do you treat customer and employee data with care?), authenticity (how explicit are you about the risk the business is exposed to?), credibility (do you have measurable trust and security metrics?), and many more.
CISOs also have a key role to play in evaluating employee behavior and organizational culture. Examples include:
- Preventing rogue employee misbehavior
- Monitoring toxic work cultures
- Reviewing and recognizing suspicious behavior
- Ensuring a fair work environment for everyone
For CISOs to achieve these aims, they need to consider what to communicate, when to communicate, how to communicate and who does the communicating.
This applies in good times and bad. If there is a data breach or other significant incident, it is imperative that CISOs are transparent about the impact of the breach and what the company is doing from an incident response standpoint.
The security landscape is challenging, so mistakes are to be expected – it’s how CISOs respond to those mistakes that determines their leadership capabilities and ability to build and maintain trust.
Prioritizing building trust is becoming essential for CISOs to be successful, raising the stakes even higher for an already challenging role. By being intentional about partnering with internal and external partners, finding ways to drive healthy organizational culture and incorporating core characteristics of trust into their daily work, CISOs can rise to this challenge and deliver even greater value to their enterprise.