Security Experts:

Connect with us

Hi, what are you looking for?


CISO Strategy

Why Companies Need CISOs and CIOs as Board Members

Diversity Not Only Includes Gender and Racial Diversity, But Also Diversity of Thought

Diversity Not Only Includes Gender and Racial Diversity, But Also Diversity of Thought

We’ve all heard the phrase “every company is a technology company.” Today, that’s truer than ever. As companies started to realize the business value digital transformation unlocks in terms of operations efficiency, performance, and quality of services, they began opening new connectivity vectors to enterprise infrastructure and collecting data from machinery and processes and storing and analyzing it in the cloud. Others have progressed even further with devices on the edge or robots in warehouses and on factory floors that monitor, manage, and execute processes leveraging the power of machine learning and artificial intelligence. 

Digital transformation has been good for business and is here to stay. The COVID crisis has underscored this reality by accelerating transformation and introducing change to everything – from how we communicate and collaborate to how our infrastructure is organized – resulting in huge shifts in business and operating models. It’s why we’ve seen Zoom soar to a $129 billion market cap, and the CEO of Microsoft stating that they’ve seen two years’ worth of digital transformation in two months. 

Obviously, the biggest changes and opportunities are for the infrastructure companies themselves. But even companies in sectors like manufacturing that had begun to embrace digital transformation initiatives around the cloud, SaaS applications, and secure remote access, were able to pivot faster for competitive advantage. They had already started thinking about cybersecurity as an enabling factor in an expanding and open environment, where IT and operational technology (OT) network convergence is inevitable. Guided by strong technology leaders, IT and OT teams have been able to support dramatic changes to the workplace – sometimes overnight – with data and processes secured. 

As digital transformation and cybersecurity become pillars that successful companies will build their futures on, the time has come to include CISOs and CIOs on company boards. It’s no secret that diversity is a hot topic these days. However, diversity not only includes gender and racial diversity, but also diversity of thought. Technology expertise is especially lacking at the board level. In fact, a new report (PDF) finds that in 2019, approximately 70% of new independent directors came from CEO, operating or senior finance experience, with no mention of technology experience representation. As the discussion on risk and security is heightened and becomes more complex, organizations must look towards a future that includes technology experts on their boards. 

The value CISOs and CIOs bring to the table

Depending on how far companies were on their digital transformation journey prior to the pandemic, they either saw the benefits or experienced the pain of transitioning to a remote work model. Now that the initial rush to support a shift to a more distributed model is behind us, companies have an opportunity to do two things: 1) pause and consider what work still needs to be done to further resiliency, and 2) plan how to move further along their digital transformation journey securely, to continue to drive competitive advantage and emerge stronger from the global pandemic.

Risk is an essential part of any executive decision. But as enterprises adapt to their current state and initiate new digital transformation projects, many are finding that accurately identifying risk – much less reducing it – is exceedingly complex, particularly in industrial environments. Boards need to include CISOs and CIOs at the helm of their leadership who can provide advice on moving forward with digital change initiatives and help companies prepare for the future. As board members, CISOs and CIOs can explain how changes to the infrastructure can increase growth and reduce risk, as well explain the organization’s risk posture, including exposure from new initiatives and the relative impact of potential breach scenarios, and what can be done to mitigate risk. They can also elevate the conversation to ensure understanding, more informed decision-making, and total business alignment, which is especially crucial during a crisis when companies need to move even faster.

When boards lack the CISO and CIO perspective, various scenarios can play out. In some cases, we see complacency where some boards feel they’ve done enough. The immediate urgency has passed, and they plan to continue with the status quo until life “returns to normal.” In other cases, boards have been stymied from making important strategic decisions because they lack the background to understand the full extent of opportunities for digital transformation. They gained an appreciation for what is possible over the last six months and saw the positive impact on the bottom line, but don’t know how to move forward.

These situations are problematic for several reasons. I’ll just name a few:

1. In the rush to support productivity and keep the business moving, most teams didn’t have the luxury to account for failure. It’s time to focus on maximizing resiliency. 

2. No one knows what “normal” will look like. What we do know is that disruptions are inevitable and successful companies will be those that remain agile. 

3. All critical infrastructure sectors are facing heightened threats as adversaries take advantage of an expanding attack surface and legacy devices, never designed for internet connectivity, now being connected. There’s urgent work to be done to reduce exposure. 

4. Boards likely would have embraced digital transformation sooner had they had the benefit of the expertise, experience, and insights that CIOs and CISOs can provide. Companies can ill afford to put digital initiatives on the backburner any longer. They must start rethinking infrastructure and security.

A lack of technology experts on corporate boards is exposing companies to unnecessary business risk and slowing down progress. Now is the time to strengthen resiliency, plan for additional digital initiatives, and begin executing on them. The global pandemic will have lasting effects on how we work and live. We need to make lasting changes to the makeup of boards so we can weather this crisis and future disruptions with better business outcomes and mitigated risk.

Learn More at SecurityWeek’s ICS Cyber Security Conference

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

U.S. Marine Corps and SAIC CISOs Discuss the Differences Between Government and Private Industry

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this edition of CISO Conversations, SecurityWeek talked to two vendor CISOs: Chris Morales, CISO at security and analytics firm Netenrich; and Laura Whitt-Winyard,...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Conversations

SecurityWeek speaks to Steve Katz, widely known as the world’s first Chief Information Security Officer (CISO).

CISO Conversations

SecurityWeek examines the role of the virtual CISO in a conversation with Chris Bedel and Greg Schaffer.