PwC reported that 81% of investors and analysts responding to its 2018 Global Investor Survey ranked cybersecurity among the top three threats to business; more than half of those said that cybersecurity was the No. 1 biggest threat to business. The CISO position is no longer a niche technology role. Cyber presence is sufficiently ubiquitous today that, for many enterprise organizations, the Internet is their primary (if not only) go-to-market platform. In this environment, the CISO's job must be one to step to the forefront and evangelize the following:
- "We are under attack." There are constant attempted cyberattacks — usually automated — every single day against every major enterprise.
- "Our attackers will succeed, eventually." Everybody's being breached. We, too, will be breached someday (assuming we haven't been breached already). We must be prepared with the knowledge and tools to minimize and respond both during and after a breach.
- "Cybersecurity is a business issue — not a tech issue." How we manage our cyber presence and secure our data drastically affects our ability to do business — from an accessibility standpoint, from a brand-trust standpoint, and from a regulatory compliance standpoint.