Collaborating Effectively on Cyber Risk Management by Making it a Team Sport
With more organizations working remotely and a shifting threat landscape, the importance of taking security out of silos and making it an enterprise-wide strategy is greater than ever. In June, featured guests Paul McKay, Forrester Senior Analyst, Kenneth Ord, Head of IT Security at Modulr, and Cathy Pitt, Chief Security Officer at Plex Systems, joined us for a webinar to discuss how they have modernized their cyber risk management practices.
How do you make security a collaborative initiative?
The first step to making security a truly collaborative initiative, according to our expert panel, is understanding how to support your business’s revenue goals by pinpointing how cybersecurity fits into your overall business strategy.
“It’s only through having a real understanding of the real operations and profit and loss drivers for the business that you can really get that sense of what is truly critical to the organization. Once you have a view of that, I think that really helps you to prioritize your spending,” McKay said.
Our discussion also revealed the importance of embedding security champions within each business unit and having top-down support in making cybersecurity an enterprise-wide core value.
How do security ratings tools help you reduce third-party risk?
In the spirit of collaboration, our panelists recommend keeping conversations with both your internal teams and vendors constructive, rather than confrontational. They’ve found security ratings to be an invaluable tool for driving productive, fact-driven dialogues about cybersecurity.
For Ord, SecurityScorecard Ratings provide more than a one-off score. He uses the platform to constantly monitor the company’s vendors, communicate security issues to them, and assess their commitment to remediation. “We maintain a constant view [of ecosystem risk], and SecurityScorecard is how we do that,” he said.
Forrester’s research shows that security ratings are becoming an increasingly important part of board-level communication. For Pitt, they allow her to present risk findings, track progress on remediation, and show an objective competitive benchmarking metric at the executive level.
“What I’ve generally found is that the risk ratings solutions have been a real level setter,” said McKay. “Because it’s quite simple and easy to understand a letter or a number going upwards or downwards, and to have a good conversation about the factors that are driving it. You can keep that at a level where you’re not talking down at your executives.”
Just as your cybersecurity program relies on effective collaboration, you need your security tools to communicate with one another, according to the panel. McKay notes that a lot of solutions are built in isolation, and that in order to overcome this pitfall, the most important data points need to be visible to everyone within the organization.
Learn more about making cybersecurity a team sport
With the spirit of collaboration and the use of tools like security ratings, you’re well on your way to meeting the demands of today’s cyber risk environment. For more on how to modernize and operationalize your cyber risk management program, read our ebook, “Five Steps to a Modern Cyber Risk Management Team.”