Legal Ops and CISO Should Cooperate on Cyber Resilience

Currently, there is a lot of pressure on corporate security leaders to do more with less while facing more scrutiny and accountability for the effectiveness of their cybersecurity programs. Sophisticated and frequent cyberattacks, shrinking budgets and a scattered workforce have only exacerbated security challenges to the point that it’s hard to know what to address first. So, if you’re a general counsel or a chief security officer/chief information security officer (CSO/CISO) and are still working on your New Year’s resolutions, cyber resilience should be Number One on your list. 

There is no doubt that Legal Ops and CISO should work together to design and build the organization’s cyber security and data privacy programs. Cooperation between them is crucial in building an incident/cyber-attack response program and strategy. Although risk management continues to be a key component of overall cybersecurity program management, there needs to be a mindset shift in the way cybersecurity programs are managed — from a traditional risk management model to cyber resilience. Approach 2023 by investing in a strategy for cyber resilience. Ensure continuous improvement of your security program by being ready to anticipate, withstand, recover and adapt, and focus your budget on a resourced team, proper tools, and robust training.