Need to Know Podcast Season 2 – Episode 1: The role of policy making, regulation and diversity in enhancing collective resilience

As cyber security threats continue to evolve, regulation and policy are rolled out to stay in step and keep organizations safe. But knowing where to invest to meet regulatory requirements is becoming increasingly challenging.

While regulations at national and international levels are designed to boost resilience, organizations must balance meeting them against ROI targets – and the ongoing shortage of diverse talent is only complicating matters.

The first episode of our second series assesses the role regulation, policy making and diversity play in enhancing collective cyber resilience. With governments around the world establishing regulations to boost resilience, organizations are left wondering how best to invest to meet regulatory requirements and maintain security while also meeting their ROI benchmarks.

In this episode of “Need to Know”, host Liz Green, EMEA Advisory & Cyber Lead at Dell Technologies, is joined by Yasmin Brooks, partner at Brunswick Group.

Listen In To Learn

  • Why regulation sets a vital benchmark for security at national and international levels, but cannot be prescriptive – and must involve industry during its development
  • How maximizing return on investment in resilience spending comes down to hiring the best people and partners
  • That increasing diversity in cyber security is about myth-busting and making the next generation of talent aware of the breadth of roles and skillsets within the industry

Striking the right balance

“The right incentives can be a much more powerful driver of change.” – Yasmin Brooks

Regulation serves many vitally important functions when it comes to cyber security and resilience. In areas like critical national infrastructure and security assets, ensuring strong and consistent regulation at national and international levels is the bedrock of effective security and resilience.

However, regulation is only part of the answer, and it is frequently used merely as a tool for allocating responsibility, with no further function. Building effective cyber security is a shared responsibility, and a deep, lasting partnership between governments, regulators, businesses and industries is more impactful than regulation alone.

When regulation becomes too granular or specific, it can quickly become dated, especially in the fast-moving digital environment. Over-regulation can become prescriptive and create unwieldy compliance regimes that risk distracting organizations from taking action on the risks that are most important to them.

While there is an impulse towards increasing regulation as threats continue to evolve, this impulse should be checked and an attitude of ‘not more, but better’ adopted instead. Carefully targeted legislation, developed in partnership with industry and business, will create an enabling environment and reduce both friction and risk.

The most bang for your buck

While ensuring high levels of resilience and security is a priority for all organizations, balancing this against achieving good ROI is also a key consideration. There are multiple factors at play when it comes to establishing this balance, with organizations needing to consider the nature of their infrastructure, its age, the countries they operate across, what data they hold and the uses for that data.

The biggest factor in maximizing ROI is having the right people in the right place within your organization. You need employees who understand the ‘risk picture’ of your organization and any gaps that will need to be filled, and who also understand how these risks can impact your organization and can communicate this to C-level decision makers in an accessible way. Seeing how potential outcomes like reputational loss, impact on commercial relationships and effects on share price can be avoided with the right investments, and then communicating this to the people who make those investments, is a sure way of marrying positive ROI and effective cyber strategy.

Inspiring the next generation

“A lot more can be done to myth-bust what a career in cyber could entail.” – Yasmin Brooks

Although we are seeing an increase in diversity and inclusivity across the cyber security industry, more needs to be done to encourage the next generation of diverse talent to pursue careers in the space.

Myths around what a career in cyber security entails need to be debunked, especially ones involving applicants needing certain qualifications or technical experience and ability. There is a diverse range of roles and skillsets across the space, from project management to legal and compliance and communications roles, and potential applicants need to be made aware of this wealth of possibilities.

One of the most effective ways to both deconstruct these myths and broaden diversity is for established role models within the industry to act as mentors and figures of inspiration for the next generation of talent, and to step forward and showcase ‘what great looks like’.

———

You can listen to all episodes of “Need to Know” podcast, including this conversation on regulation, policy and diversity here.

About the Author: Dell Technologies