UK Security Chief: CEOs Must Get Closer to Their CISOs

Company leaders should be as close to their chief information security officers (CISOs) as their general counsel or finance directors, the head of the National Cyber Security Centre (NCSC) will argue today.

In her first public speaking engagement, NCSC CEO Lindy Cameron, will tell a virtual audience at Queen’s College Belfast this morning that security must be given more attention in the boardroom.

“Cybersecurity is still not taken as seriously as it should be, and simply is not embedded in UK boardrooms. The pace of change is no excuse — in boardrooms, digital literacy is as non-negotiable as financial or legal literacy,” she will argue.

“Our CEOs should be as close to their CISO as their finance director and general counsel, and we want to help them to develop this knowledge, as we’re all too aware that cyber-skills are not yet fundamental to our education — even though these are life skills like wiring a plug or changing a tyre as well as skills for the future digital economy.”

Cameron’s words are backed by recent Trend Micro-sponsored research from analyst firm Enterprise Strategy Group (ESG), which revealed that only 23% of Western European and North American organizations prioritize the alignment of security with key business initiatives.

Some 44% of respondents said their board has limited involvement in many critical cybersecurity operations, meaning it is only prepared to fund the bare minimum.

The analyst urged firms to create a new role of business information security officer (BISO) to better align board and cybersecurity priorities.

The NCSC’s Cameron was appointed in July 2020 after a career spanning two decades in national security policy and crisis management. Her predecessor Ciaran Martin had been CEO since the center was spun out of spy agency GCHQ in 2016.

She will report to GCHQ director, Jeremy Fleming.