The Evolution of Cyber Leadership and Governance
By Louisa-Jayne O’Neill, Director, Templar Executives
1st May 2024
As a child I toyed with the idea of keeping a diary, but doubted I would have much of interest to say. My grandfather (1900-1985) had seen massive changes through his lifetime: the shift from horses to the motorcar; electricity in the home; telephones; radios; TV; space travel; computers. Aged twelve I wondered, what could possibly happen in my lifetime to equal that?
As a graduate of English with Anglo Saxon and Old Norse, there have been a number of unexpected outcomes. Firstly to find myself working internationally as a Diplomat, then published in the E:CO Journal of Complexity; next, leading change within a complex IT programme, then a Director at Cyber Security specialists Templar Executives. Let alone to be teaching on the Cyber Executive MBA at Lancaster University. This of itself illustrates how the world continues to change – and the diversity of skills and capabilities required to manage the growing complexity of the digitised environment.
Today it seems new innovations are being introduced week on week, both in our homes and in our working lives. While society had some time to accustom itself to motor vehicles and to develop ‘rules of the road’, the information superhighway allows no such luxury. And, for every digital innovation, various disbenefits seem to emerge just as fast. In the work environment it is becoming less clear whether today’s early adopter is genuinely gaining market advantage or whether they are merely making themselves, and their organisations, open to exponential risk.
Whether in the UK or overseas, and whatever the sector, similar questions arise. How do we differentiate ourselves from our competitors? How can we best meet the evolving needs of our customers and clients? How can we best take advantage of the latest tools? And how do we minimise the vulnerabilities and risks to our systems or data?
Getting the balance right, and weighing the various considerations, appears a complex challenge.
For any organisation, effective leadership and governance are key. Clarity of aim, and an understanding of the available tools and capabilities that can support an organisation and its outcomes, are fundamental. So too is an understanding of the threat. Establishing a defined structure can help to manage and mitigate risk, as well as providing a means to manage the complexities of modern enterprise.
A key consideration, of course, is people. Individual accountability must also be clear – be it accountability for specific systems or data, or regarding a person’s own awareness, conduct and usage. Individuals will always be inclined, consciously or subconsciously, to look to the leadership to understand what is expected. People’s own behaviours reflect what they see.
The Evolution of the SIRO
As organisations become more susceptible to digital disruption, including through Cyber incidents, so shareholders and the public are becoming more alert to Cyber and information risk. Consequently, an emerging role is that of the Senior Information Risk Owner (SIRO). This function has long been mandated in UK government bodies and is increasingly being taken up by businesses.
The SIRO is a delegated board-level Executive or Senior Manager on the Board who is responsible for information risk and the organisation’s response to it. The role of the SIRO is to take ownership of the organisation’s information risk policy and act as an advocate for information risk on the Board.
Significantly, there is a growing recognition that information and Cyber security is not just the province of the IT team but that it is a fundamental business issue. For this reason, the SIRO may as readily be the CFO, COO or Company Secretary, as much as a technical or IT lead. Such an approach provides a board-level focus for information and Cyber assurance, alongside and complementary to the CISO. It also helps Cyber Security to be understood as a corporate and collegiate endeavour in which everybody has a part to play.
Managing The Cyber Challenge
The world is at once becoming more complex and more complicated, and it is easy to feel overwhelmed. But countless professionals, from all backgrounds, have embraced the challenge and turned it to corporate, as well as professional, advantage. This is why I am so looking forward to the forthcoming Cyber Leadership Symposium that Lancaster University will be hosting, jointly with Templar Executives, on 18th and 19th September. This year’s theme is ‘Managing Progress in the face of Complexity’ and will showcase the latest approaches – and hard-won experience – of those who have been facing, and embracing, the range of Cyber and information leadership challenges day to day.
The world in 2024 is a long way from the experience of my grandfather – and beyond anything that I might have envisaged when I first considered keeping my own diary as a child. An autonomous vehicle would have been just as unthinkable as a driverless hansom cab, let alone Instagram, drones and AI.
I do, however, know from previous events that this year’s Symposium will be an occasion to remember. Progress and the complex is a rich vein, especially with all of the people who will be in that room with such a range of experience and a hunger to learn. Some will be my future students; others will be sharing tips and insights that I, in turn, will pass on. So forgive me if I step outside to raise a quiet toast to the complex, the complicated, the straightforward and the unexpected. And, perhaps, a nod to previous generations who, like all good leaders, embraced whatever was thrown at them and tried, as best they might, to look to the future. I look forward to seeing you there!
Templar Executives and Lancaster University invite you to attend our third annual international Symposium on Cyber Security Leadership to be held at Lancaster University on 18th and 19th September 2024.
Hosted by Templar Executives and Lancaster University, this two-day Symposium is a unique opportunity to share thought leadership perspectives and network with like-minded professionals. Whether you’re seeking progress in your career or are a seasoned Cyber leader, this event is tailored for you.