Sell security as investment in brand, says CISO

Invest in intelligence, so you know what will hit you in the future, not what used to hit you in the past, advises expert security panel

Security should be sold to the board as an investment in the brand, rather than simply a cost of doing business.

That's the view of Darren Argyle, global CISO, at financial services firm Markit, speaking at Trend Micro's CloudSec 2016 event in London recently.

"We all know security is seen by boards as a cost of doing business," said Argyle. "I sell it as an investment in the brand, and protection of the investments they've already made. Then they'll view it very differently," he added.

Argyle also recommended comparing security spend and maturity against industry competitors as one method of proving return on investment, traditionally a thorny area for security professionals.

"Boards are always interested in benchmarking. They want to know how they're doing compared to their competitors, are they spending more or less? So demonstrate that in your benchmarking, or by providing a maturity assessment to board, that should help with proving value," said Argyle.

Also speaking at the event was Troels Oerting, global CISO, Barclays (pictured). He explained that applications today need to be secure, and also intuitive to use.

"When I arrived at Barclays we already had 13,000 developers. In banking, applications sell products, not the other way round, so any road to a successful digital future leads through security. Applications need to offer privacy and security and be convenient. In the old days we developed then penetration tested, then it was released. Now security is built-in by design in development."

Oerting also advised firms to invest in intelligence in order to understand the threats of the future better, so they can plan now for the protection they'll need in the coming months and years.

"I'm not interested in what's hitting me now, but what will hit me in the future. We invested in intelligence, otherwise I'm investing in the past, and the criminals are busy finding new ways to attack me."