
It’s a logical expansion, these experts say. CISOs have been coached for years to articulate how cyber risks translate into business risks, to identify which of those pose the greatest threat to the enterprise, to judge whether the impact of any of them exceeds the organization’s risk tolerance, and if so by how much.
That CISO work is more critical than ever, they further assert. Nearly all business operations have become digital. That fact makes any cyber risk a material risk to the business, and it makes resiliency an operational imperative today. As such, the CISO should be a key player in assessing and managing business risk.
“CISOs had once been focused on IT and cybersecurity risk. They’d ask, ‘What are the risks I have for platforms, applications, systems, the tech stack?’ It was a very flat plane,” says Paul Caron, global managed services lead and head of cybersecurity for the Americas at S-RM, a global corporate intelligence and cybersecurity consultancy. “But it has evolved in the past few years, and now CISOs are being pulled into new areas. They’re being asked, ‘What are the risks to the business?’”
