The accountability for safety became clear after the C-suit targets, matrix and cyber performance in annual incentives. This gave more impact to CISO. The interaction about the conversation due to weak software development, fishing hazards and sellers was implicated in terms of budget, bonus and brand reputation rather than only technical risk.
As the role develops, CISO needs to remain in front and centers in risk management discussions. The information security team has an opportunity to consider more at cyber risk, just as a lot of financial risk is managed outside the finance team.
What are your plans in retirement to advise companies to stay innovative and strengthen cyber security?
Meg Anderson: I am currently advising some companies – not through formal engagement, but by mentioning cyber security leaders. It is incredibly rewarded to help navigate the challenges of career and leadership of leadership. It is less about telling them what to do and more about helping to think through “why” and “how”.
