For banks and financial services institutions of all sizes, driving digital transformation is one of the most important projects they can undertake today. From increasingly sophisticated threats to information to demands for improved customer experience, there is a clear need for innovative technologies to be incorporated into the IT stack.
Typically, these upgrades and improvements are viewed as a ‘one-off’ project by the department that needs or has initiated the change, rather than as part of a comprehensive and coordinated digital transformation program. In their haste to drive change and deliver an improved end product to their stakeholders, these individual departments can create IT obstacles and security risks that can end up derailing digital transformation efforts.
Enter the CISO.
While the Chief Information Security Officer (CISO) has been an established role for banks and financial institutions for the better part of 25 years, the position is taking on new significance in this current era of digital transformation. Where the CISO was once accountable for reducing the risk from cyber threats, that role is evolving, and the key responsibilities are shifting so that the emphasis is no longer solely on the ‘S’ for security but placed equally on the ‘I’ for information.
Under this new definition, the CISO becomes almost omniscient – an all-knowing business leader – who not only understands the risks that come from outside the organization but is able to anticipate how internal digital transformation initiatives will affect one another and, more importantly, how they will affect the security posture of the organization as a whole. “Protecting sensitive data is a top priority,” said Michael Brown, Field CISO, Financial Services from Fortinet, “but it can’t come at the expense of effective, compliant operations. The CISO’s unique view of both security needs and business goals allows them to lead organizations in remaining competitive and meeting customer needs without sacrificing security.” By understanding the vision and scope of all digital transformation initiatives across the organization, the CISO can create a unified plan that bakes security in from the get-go.
In other words, the CISO is moving from a tactical role to a strategic position that breaks down siloes and brings developers, engineers, and security personnel into lockstep. With this unified vision driving digital transformation, it is easier to bring new services and essential applications to stakeholders more quickly and with fewer security risks. Moreover, security stops being seen as a hindrance to business and, instead, becomes a business enabler.
But not all financial services institutions can afford a full-time CISO. Of course, the ‘big banks’ like Chase, Truist, and Wells Fargo all have a CISO to guide the digital transformation process and deliver improvements and new applications quickly and securely. However, with the recognized need for this role, a new type of CISO has emerged – the virtual, or vCISO. A vCISO brings all the knowledge and experience but at a fraction of the cost of a full-time employee, putting them within reach of small and medium-size financial institutions.
“Small and medium-sized banks and other financial institutions rely heavily on their personal relationships with customers to grow and serve communities across the country, often in areas where the bigger banks have little presence,” explained Randy Norris of Atlantic Data Security. “As well as personalized service in the bank, these customers still want to access digital banking services and it can be a challenge to create a secure digital transformation plan for these smaller banks. However, the emergence of the vCISO helps solve this problem by giving small and mid-sized organizations the opportunity to work with an experienced CISO to set strategy, create a digital transformation roadmap, or deliver an essential application in a way that’s affordable.”
In today’s competitive financial services industry, it’s imperative that banks and financial institutions of all sizes can drive digital transformation and deliver new services to their customers. While financial institutions can attempt digital transformation without a coordinated roadmap or broad-based oversight, the chances of success are greatly improved with a skilled CISO. The CISO – whether a full-time employee or a virtual CISO – is uniquely skilled at breaking down siloes, connecting teams, and anticipating threats and obstacles to deliver success on time, on budget, and in a way that enhances organizational security.