What a CISO Can Do for Your Board


If you and fellow board members have ever felt like the leaders of the “No” department, you have something in common with the average chief information security officer. People tend to think of CISOs as innovation cripplers. But that’s changing. As more businesses begin to see security as a competitive differentiator, rather than a necessary evil, CISOs are becoming critical business enablers.

Importantly, there is a difference between the perspective a CISO can bring and that of a CIO or similar technology expert. CISOs help outline the strategic security framework, and CIOs determine the best execution path. In other words, they work together, and neither should be considered a replacement for the other. When a technology expert and CISO partner on a board, you get the best of both worlds.

By encouraging your CEO to consider the addition of a CISO to your credit union’s staff or by adding a volunteer with CISO experience to your board, you can begin to experience this evolution for yourself. Here are just a few of the benefits you can expect:

Good, Healthy Tension
Running a financial cooperative successfully requires leaders to take appropriate, calculated and reasonable risks. Today’s CISO understands this; he or she also knows how important it is to knock the member experience out of the park. By putting a CISO in the mix, credit unions cultivate a good, healthy tension between business enablement and the security of systems, platforms, tools and data. What you will get from your CISO is a leader who looks beyond technology, providing security guidance and direction even on non-technology-related issues.

Faster Innovation
Think of a CISO as brakes on a car. Without the security of brakes, you have to drive slowly to prevent an accident. Good brakes allow you to go as fast as the law allows with the peace of mind you can stop safely at any time. With an experienced CISO’s input, credit union leaders move quickly on things like migrating to the cloud, integrating a new technology or developing a new product. The CISO injects confidence into the decision-making process, allowing the credit union to evolve, digitize and transform as fast as the law allows.

Stronger Reputation
Seventy-five percent of consumers say they would stop purchasing from a company that failed to prioritize security. With strong CISO oversight, a credit union reduces the risk its members will ever have this perception of their cooperative. The reality of today’s always-on, always-connected business environment is that your credit union will experience an intrusion at some point. How much of an effect it has on your organization and its members is often dependent on your ability to detect and stop attacks before they do irreparable damage.

Another Set of Eyes
Having a CISO on the board has obvious benefits for a small credit union that may not have that expertise on staff. Even a large credit union, however, can benefit from a second set of eyes on a decision and the addition of outside expertise. This is particularly true when the CISO comes from a different, often-attacked industry, such as healthcare or hospitality. Those sectors are under constant and increasing assault from cybercriminals. CISOs from these and similar verticals can bring a valuable “heads up” perspective to the credit union.

Happy Regulators
A CISO on staff or on the volunteer board of directors has another really valuable benefit: It demonstrates your credit union’s commitment to security and privacy. Documenting the decisions made with the help of your CISO is an added bonus that will make it exceptionally simple to communicate this individual’s role in maintaining the security and soundness of your credit union come exam time.

If you agree your credit union would benefit from the above, begin your recruiting efforts by getting a level-set on the difference between a CIO or IT security expert and a CISO. This way, everyone involved in finding the right hire or volunteer understands what you are looking for. The main area of distinction centers on the strategic view of security controls. Whereas the IT security expert is likely focused mainly on battening down the hatches, the CISO aims to do that while also driving the credit union forward by enabling it to provide exceptional, secure member experiences.

Paul Love is chief information security officer for CUES Supplier member CO-OP Financial Services, Rancho Cucamonga, Calif., a provider of payments and financial technology to credit unions.

Questions for Your Boardroom:

  1. What CISO expertise do you currently have?
  2. How would having more information security knowledge on your team benefit your credit union?
  3. Where would be the sensible place for a CISO at your credit union? On the staff? On the board?