We asked chief information security officers how they plan to get their infosec departments in shape next year.
It’s that time of year — a chance to take stock of your accomplishments as a security leader in 2019 and decide your priorities for 2020.
First, let’s look back. We know from research that breach rates rose (again) and that the average cost of a breach to a business is $3.92 million, a 1.5% increase over 2018. That’s despite more money being thrown at security. According to the Enterprise Strategy Group, 58% of organizations were forecast to increase cybersecurity spending this year.
But, hey, new year, new decade, right? It’s time for a new chapter in your efforts to lead security strategy in a fresh and innovative direction. Maybe there’s a new tool or strategy you want to roll out next year. Or a philosophy and process you plan to incorporate. Maybe you just want a happier, healthier outlook for your security team.
We asked CISOs what they are resolving to do in 2020. Here are some of their top goals for the new decade.
Resolve to Make Security a Business Driver
“Infosec is often put in as a reason not to do something or, worse, an inhibiter of great ideas to drive the business forward,” says Jason Haward-Grau, CISO at PAS Global. “2020 is the year that we should really seek to embed the security enablement process into the business. In 2020, I want to ensure infosec is fully embedded into the business value chain.”
“In 2020, CISOs should resolve to understand better how their businesses drive revenue and minimize costs,” says Rick Holland, CISO and vice president of strategy at Digital Shadows.
Resolve to Prioritize Privacy
“My 2020 resolution will be to develop a new strategy around information privacy and to have more coverage around data privacy in the form of a global privacy program,” says Jason Lau, CISO of Crypto.com, who says he will be looking to the recently released ISO 27701 and the upcoming NIST Privacy Framework for guidance.
“The current problem in all industries is the lack of awareness of privacy,” he says. “My resolution is to not only promote more awareness of data privacy, but also to officially embed it into different processes within our organization. I believe in injecting different aspects of privacy — in the form of security and privacy impact assessments — early. The product design phase is critical for all organizations to promote privacy by design, privacy default.”