Whether you are one to use the “R” word or not, the fact of the matter is that the US economy has been experiencing slow growth and record-setting inflation. Couple this with employer-driven hiring stagnation and sweeping layoffs, alongside employee-driven quiet quitting, and things may directionally appear shambolic at best.
As the economic downturn continues, cybersecurity threats have only increased. According to Cybersecurity Ventures, cybercrime is forecasted to cost $8 Trillion USD this year alone, with a projected incremental growth of $2.5 Trillion USD by 2025.
As we are all too aware, the worsening economy has also brought an increased risk of omnichannel cyberattacks alongside the continuation of credential phishing. These major issues have only exacerbated as the WFH culture has gained saturation and employees more regularly use personal devices to access corporate networks.
Economic instability has also caused most companies to spend less. As a result, org-wide budget cuts have become a norm and unfortunately neither information security nor technology budgets have been spared from these cuts, despite this year’s increase in threats and risks.
Given this climate, many CISOs have found themselves needing to prioritize initiatives in a way that drives the most value for the organization, oftentimes without an ability to implement a fully comprehensive strategy. The sheer request to prioritize initiatives may feel like an impossible task in and of itself. Why? Because the criteria behind what is “most valuable” for the organization can be nebulous, at best. And non-InfoSec stakeholders, even at the most senior level, may not understand the breadth and depth of these decisions and tradeoffs.
So, what to do?
4 Things CISOs Can Do
- Align on priorities: Make sure that you, or someone on your team, meets with leaders across the organization to get a clear understanding of how each department is prioritizing initiatives and why. What does your organization value most according to your CEO, your CRO, your COO, the Board, etc.? How is the entirety of the team aligned to reach these goals? For example, while a CRO may be most concerned with guarding against data breaches as their #1 priority, a COO may be most concerned with insider threats as their #1, with data breaches prioritized as #5 on their list. Ensuring that you understand what stakeholders are prioritizing and why will help you to succeed with your allocation of limited resources, and to better prepare the leadership team.
- Befriend Automation: What are you and your team currently working on that can be automated? Yes, change takes time; but if there are menial tasks that are draining bandwidth and thereby making it more difficult to get to the bigger items, it’s time to automate. Not only will this enable you to do more with less, but it will free up critical bandwidth so that your team can be more strategic.
- Overcommunicate: Yes, the entire organization goes through mandatory cybersecurity training upon the required cadence, but make sure your leadership team is consistently empowering their departments to help create the protective moat. It’s all too easy for folks across the org not to pay attention until it’s too late. We talk more about empowering your colleagues here. And this can be a cost-cutting way to get more done with less.
- Know Your Worth: If you feel like you are completely spinning your wheels and your organization isn’t engaged or reciprocating your level of devotion, it may be time to reflect on your position within the organization. CISO roles are in high demand right now and you should be in a place that values your input and acumen. Talking with your manager, your HRBP, an Executive Coach, and/or your peers can help if you’re feeling stuck, underprepared, and underappreciated in your role.
With lower budgets, more threats, and questionable headcount things may seem bleak. That said, there are strategies that can help you and your team get through these uncertain times and beyond. Overcommunicate with your leadership peers to ensure everyone has a clear understanding of the state of the state and make sure to use all of the tools at your disposal. Don’t see the tools? Ask for help. Sometimes another set of eyes can lend exactly the perspective we need to reframe something that seems dismal into a path to peak performance.
