Abridged Minutes
Questions asked:
Is there a common definition of internal and external cybersecurity risks?
How active is the COO in the cybersecurity risk management agenda?
As a COO, are you an active or passive participant in this program?
Is the COO’s role [in cybersecurity] a matter of enhanced education or active participation?
What can I do as a COO to make a greater contribution to managing this threat?
Identified areas for COO and CISO, and COO to COO collaboration:
1. Common strategies or ideas on how to drive more vigilance in their associates toward cyber behaviors. Cyber defense is challenging because sometimes all it takes is one individual to respond to a phishing attempt and a breach can occur. Associates know this, are trained and tested on it, but it still happens. New or more creative approaches are needed to help, including:
a) Better technology to prevent phishing emails from making it through
b) Adding phishing response and other cyber compliance statistics to a manager’s KPIs, similar to the way associate satisfaction or customer satisfaction is
c) Better training, awareness, and testing programs.
2. Collaborating on scenario ideation, development, and response strategies – where such brainstorming would produce a broader and richer set of scenarios.
3. Common themes:
a) Interaction with the CISO and the technology was good
b) COOs were bringing the cyber team into the conversation when doing business planning or product development
c) Associates react negatively to excessive awareness training and testing around cyber, and this reaches a point of diminishing returns on compliance.
“We now live in a zero trust concept world where there’s no such thing as inside or outside – everything is untrusted”
Chris Rigg, Sutherland Consulting, Technology Business Advisor to Armstrong Wolfe
Agreed action
- Following last week’s forum on insider threat, and in line with its conclusions akin to the cyber session, as part of iCOOC 2022 membership, Armstrong Wolfe will establish a COO Threat Scenario Cluster, open to all members, to be set every fourth month in 2022 (January, May, September)
- Armstrong Wolfe to invite CyberconIQ to present its cyber personality vulnerability assessment (cyberconIQ mitigates cyber risk by leveraging CYBERology – the intersection of cybersecurity and psychology)
Armstrong Wolfe
Armstrong Wolfe is a global financial services advisory firm supporting the office of the Chief Operating Officer. The International COO Community (iCOOC) has over 5000 COOs within a managed network and therefore one degree of separation from each other.
We empower this community by providing thought leadership, promoting cross-industry dialogue and supporting collaboration, design and execution. We have a unique blend of COO functional expertise which enables us to support iCOOC members through our advisory and project management services. We aid COO career advancement through our business management training institute, support industry-wide efforts addressing diversity and inclusion initiatives through our Women in the COO Community, and provide career opportunities for all underrepresented groups with the COO Academy.