A business associate and friend of mine actively encourages what he calls “healthy conflict” within the leadership of his small business. Admittedly, he isn’t great at managing when that conflict becomes unhealthy, but I think his goal is still very valid. A business may not achieve its full potential without facing challenges and having competing ideas to address those challenges. The healthy conflict strategy also prepares leaders to defend and socialize their ideas with a larger audience.
An equally valid question to ask is: does your company’s leadership contain appropriate representation for the future of your business? Does the right department structure exist? When challenges come and the business needs competition of ideas, is your round table lopsided? Do the departments in your company have enough of a voice? These are some very important and introspective questions. The exercise to evaluate and reassess your company structure couldn’t be more important as the challenges facing businesses change.
We have seen a healthy trend in larger companies of inviting information security, privacy, and data management to sit at the leadership table. In doing so, the threats, risks, and exposures are represented and weighed to support better business decisions. There are challenges replicating this trend in small and medium-size businesses. One of the major hurdles is the cost of these resources. Information security professionals are in demand, and a qualified CISO can command a base salary of over $200,000 in the market today. SMBs often can’t afford or don’t require full-time information security leadership. That doesn’t mean the need to reduce cybersecurity risk is any less or goes away.
Companies that find themselves facing this resource challenge should consider a “Fractional CISO”. By sharing this resource with other like companies, the cost is equal to the amount of time needed while maintaining the leadership and subject matter expertise required of the position. A Fractional CISO can offer competing ideas to reduce risk and support the business at a leadership level. An additional benefit of the Fractional CISO is the breadth and expanse of knowledge. The shared resource gains knowledge from its other relationships and applies that knowledge across all of them.
When considering a Fractional CISO, the business must clearly align the goals and deliverables of the position with the business and programmatic requirements. What will the CISO be responsible or accountable for, contribute to, or just be informed of? (Yes, the good old RACI model.) If these goals are not clear, consider an independent Risk Assessment to review the policies and procedures of your organization. Often these assessments can identify gaps and act as initial marching orders for a new CISO.
SQ Risk Management Solutions (“SQ Risk”) is a provider of unique, competitive, and customized risk management programs and services. The SQ Risk Fractional CISO is tailored to the specific needs of your company. The goal of an SQ Risk Fractional CISO is to work with business stakeholders to develop information security and risk management programs to reduce cybersecurity risk and promote sound business decisions.
Contact SQ Risk Management Solutions today (904-584-2061 or email email@example.com) to explore the benefits of a Fractional CISO in your company.