Time to Do Your Homework on CISOs

Company executives, are likely prioritizing and reviewing business operations, internal processes and budgets. Better cybersecurity programming is likely not on this list. But that needs to change quickly.

Cyber protection is a “MUST-have," not a "nice-to-have," component of your 2023 business plan. As technology evolves, so does cybersecurity’s ability to protect a business from cybersecurity attacks and threats.

According to DatSure24’s Chief Technology Officer, Mark Musone, businesses need to build, maintain and constantly upgrade their cybersecurity defense. This includes:

• Scanning

• Assessment

• Monitoring

• Repair/Response Plan

• Employee Education

For a truly successful defense, companies MUST employ someone who has security in mind. Company decision makers, especially those with an in-house IT department, will likely look to do this internally. And it's certainly possible. However, regulations, including New York State Department of Financial Services - 23 NYCRR 500, require compliance, so companies who don’t have dedicated IT personnel or whose IT department lack the experience, training, or manpower to oversee this program need an alternative solution.

Enter, the CISO. Never heard of it? It's time to do your homework.

What is a CISO?

Short for Chief Information Security Officer, a CISO is responsible for the oversight and management of the company’s cybersecurity program.

What are a CISO's responsibilities?

• Cybersecurity Program Oversight, Monitoring and Administration

• Thoroughly document cyber threat protections and tools used

• Identify any weaknesses in the threat protections and recommend areas for improvement

• Develop information security policies and procedures

• Conduct log analysis of event data

• Maintain a cybersecurity program that protects the organization and is in accordance with any applicable compliance requirements

• Review current security awareness training program and develop where necessary

• Conduct incident response training with staff

• Report to board of directors/management annually

Why is a CISO important?

Not having proper cybersecurity programming in place is a great business risk:

• Globally, the number of enterprise-level cyber attacks has risen exponentially in the past year; recent estimates put these numbers at around 500 million worldwide.

• In 2021, of the total number of entities attacked, 16% were hacked once, but 60% were hacked twice or more.

• In September 2022 alone, hackers successfully gained access to and compromised 35 million files, targeting companies’ assets, highly sensitive files, or data.

• Breaches caused by ransomware, in particular, have increased not only in number (by 41% in 2022 alone), but in cost.

• The average ransom per breach was more than $800,000 in 2021, as compared to approximately $500 in 2016.

• In 2022, total cost to companies for the entire recovery effort averages $1.4 million.

• 43% of data breaches involve small businesses; 60% of the businesses attacked filed for bankruptcy within six months of the attack.

In addition, companies who don't comply with industry-specific regulations face serious repercussions, including reputational, financial, criminal charges and prison time.

How much does a CISO cost?

According to Stratus, research from industry leaders, including IBM, a healthy cybersecurity budget should make up nine to 14-percent of an overall IT department’s annual budget. ​

For a company with a $1 million budget, for example, this means a cybersecurity budget of $90,000-140,000. The annual salary for an internal CISO is between $225,000-250,000. An external CISO costs between $100,000-150,000 annually. Including small businesses, approximately 15-percent of U.S. companies make over a million dollars net revenue per year. This means that employing an internal CISO is unrealistic for the majority of companies.

Where does the CISO process begin?

DataSure24's CISO program begins with conducting a cybersecurity assessment to determine an organization’s strengths and weaknesses, compliance with any requirements, and overall security posture. Based on the findings, security professionals work with company representatives to develop a system security plan that best meets an organization’s needs.

DataSure24 understands that every organization has different strengths and weaknesses. The CISO will work with a company to recommend changes or enhancements to its program and processes, implement technologies, policies, and procedures where necessary, and create an all-inclusive managed cybersecurity program.

As the CISO, DataSure24 will be responsible for the oversight and management of this comprehensive cybersecurity program.

Homework done.

Does your company have the right cybersecurity plan in place? Contact DataSure24 at info@datasure24.com, or go to www.datasure24.com, for more information on how our customizable services may help protect your business.