Elevating Cybersecurity 2025

High-level relationships External stakeholders Board13 Responsibilities of the CISO to the board –Raise awareness and educate on cyber risk with regard to business strategies and decisions –Provide a clear narrative on the cybersecurity posture of the organization in the longer term –Present cyber risk in terms of business impact, financial exposure, regulatory implications and reputational risksResponsibilities of the board to the CISO –Ensure the CISO has the resources, budget and team needed to secure the organization –Work closely with the CISO to encourage systemic resilience and collaboration throughout the organization –Design an organizational structure that supports cybersecurity –Align cyber-risk management with business needs Customers Responsibilities of the CISO to customers –Provide transparency on key cybersecurity activities and posture (for example, in the annual report) –Develop a trusted relationship and open a communication channel in case of an incident –Partner with customers to deliver solutions that meet the customer’s risk tolerance as well as regulatory requirements Responsibilities of customers to the CISO –Communicate incidents in a timely manner Suppliers Responsibilities of the CISO to suppliers –Clearly communicate how critical the supplier is to the security of the CISO’s organization –Communicate new vulnerabilities in a timely manner –Develop a trusted relationship and open a communication channel in case of an incident Responsibilities of suppliers to the CISO –Provide timely communication on incidents and share any compromise-related information Law enforcement Responsibilities of the CISO to law enforcement –Build a collective defence and strong collaboration lines to share information that helps law enforcement activities if requiredResponsibilities of law enforcement to the CISO –Provide relevant intelligence to help improve the organization’s preparedness Elevating Cybersecurity: Ensuring Strategic and Sustainable Impact for CISOs 10