JD Supra –
Partner and co-head of Skadden’s Cybersecurity and Data Privacy practice, David Simon, recently interviewed two chief information security officers (CISOs) from the private equity sector as part of a discussion on cybersecurity leadership.
The discussion focused on the challenges posed by generative AI and the evolving role of CISOs.
Bethany De Lude, CISO at the Carlyle Group, highlighted the increasing pressure on modern CISOs to navigate regulatory frameworks, manage operational risks, and address strategic concerns.
She emphasized the need for a successful CISO to ensure robust cyber hygiene, integrate cybersecurity across all areas of the business, and manage regulatory, financial, and brand risks.
David Stern, CISO at KKR, stressed the importance of a CISO’s role in ensuring everyone in the organization understands their part in the overall cyber program.
He mentioned the need for awareness and for management to be informed about critical vulnerabilities and ongoing efforts to address them.
He also discussed the need for strong internal relationships and emphasized the role of a security steering committee in providing diverse perspectives and reinforcing cybersecurity messaging.
When it comes to determining the reporting line for a CISO, David Stern suggested partnering with the chief legal officer, the risk officer, and the operations officer.
He believed that strong internal relationships are crucial, and the CISO should prioritize ensuring their message reaches the right people.
Bethany De Lude preferred a reporting line outside of the chief information officer’s purview and emphasized the importance of a security steering committee to provide collective perspectives and reinforce messaging.
The discussion also touched on the interplay between cyber governance and AI governance.
David Stern mentioned leveraging cross-functional risk committees to manage the risks associated with generative AI while encouraging innovation.
They highlighted the challenges and implications of ransomware incidents and discussed the evolving role of government partners such as CISA.
In the context of private equity, the CISOs discussed the impact of generative AI on cyber threats, emphasizing that it makes hacker attacks more effective and sophisticated.
They also shared their views on the importance of cybersecurity diligence in potential deals, emphasizing the need for organizations to have a secure foundation before being considered a viable target.
Overall, the discussion shed light on the multifaceted role of modern CISOs, the challenges they face, and the importance of effective cybersecurity governance in navigating the evolving cybersecurity landscape.
Link: https://www.jdsupra.com/legalnews/private-equity-ciso-fireside-chat-9891020/
Private Equity CISO Fireside Chat – Cybersecurity Leadership in the Age of Generative AI
Categories:
Tags: