Over the past couple of years, boards of directors have become highly aware of the risk of a cyber-attack and more involved in a company's measures to prevent breaches. Historically, there was less at stake with cybercrime: attacks were less sophisticated and less frequent, and less of an organization's business was online.
This, as we know, has changed drastically, as made painfully clear by massive customer data breaches, such as the Anthem and Target breaches. Through boards' informal social and business networks, which often cross industry lines, awareness of new breaches and of the cybersecurity measures organizations are putting in place travels quickly.
This is leading to a cross-pollination of concerns, cyber risks and cybersecurity investments, which in turn is accelerating the rate at which boards are becoming aware of cybersecurity vulnerabilities and is driving their direct involvement in bringing professionals on board for cybersecurity assessments and advisory.
The growing involvement of the board, and also non-IT/security executives (e.g. CEO, CFO, CRO), in cybersecurity matters is changing the skillset required to be a successful cybersecurity consultant. When the primary buyer was the CIO or CISO, cybersecurity consultants focused on advising clients on IT products to protect IT assets (e.g. networks, applications, databases).
Now, in addition to being knowledgeable about the available tools and products and about IT requirements, cybersecurity consultants must also have strong and established board- and executive-level relationships and be able to identify, measure and convey cybersecurity risks to the business as a whole, rather than only within the IT network.
Additionally, the new cybersecurity consultant needs to possess the ability to assess risks to enterprise customers and business partners, such as discussing a cybersecurity-modified ROI that weighs the value of cyber investments.
This expansion of the cybersecurity buyer is playing out favorably for those consulting providers that have established relationships and credibility with boards and executives at Global 2000 companies.
However, a relationship and business-side expertise are not enough; there is still a need for access to leading-edge technologies and expertise in order to deliver a holistic cybersecurity solution. This need is leading to fast-paced investment (e.g. acquisition, partnerships, hiring) by consulting firms to build a cybersecurity practice that can address each angle of a client's needs, from a clearly defined business case down to the technical requirements of a comprehensive cybersecurity program.
