Culture and governance are key to driving change around cyber security behaviours, but too many awareness programmes focus simply on superficial technical gimmicks. JC Gaillard from Corix Partners deconstructs 3 clichés which have been dominating the security awareness arena for the past decade.
Author: Jean-Christophe Gaillard
This is no longer about understanding what’s being done against cyber threats, it’s about getting it done, and getting it done now.
Cyber Security maturity stagnates because CISOs are structurally prevented from looking beyond day-to-day firefighting.
Clarity of roles and responsibilities across Security and IT, and a clear approach putting People and Process first ahead of ready-made Technology solutions, form the only basis on which cyber security maturity can grow, across any organisation, large or small.
As we look towards the next decade, the industry must pivot towards a clearer execution focus: Security cannot be seen any more JUST as a matter of risk appetite or as a box-checking exercise.
Nobody can be reasonably expected to be GENUINELY and EFFECTIVELY credible from the board down, across all managerial and technical layers of the enterprise, and transversally across all its silos, from HR to Legal, Procurement or Compliance – and of course across all geographies and cultures for global firms. This profile simply does not exist.
“Moving fast and breaking things” has never created trust. Start-ups must build customer trust from early days by embedding sound security and privacy practices in the products and in their culture.