In this second session, we have an eminent Technology Leader, Michael Kingston, in discussion with our CEO, Rostow Ravanan.
Michael Kingston serves as the Managing Director, Portfolio CIO Americas, driving tech enabled value creation for portfolio companies. As a highly accomplished technology leader, Michael brings over 30 years of rich expertise and leadership – spanning industries – with the ability to drive innovation and empower people. Prior to joining Carlyle, Michael served as Deputy Global CIO and Americas CIO for L'Oreal, spearheading digital transformation projects in key markets. He has held several corporate leadership roles for global enterprise brands including Neiman Marcus Group, Ann Inc., Coach Inc., LVMH and Castrol.
Please note - The insights shared by Michael Kingston in this discussion are solely his own and should not be attributed to his present or previous employers.
Rostow -> As a technology leader with extensive experience, what are the key cyber risk management challenges that large organizations commonly face today, and how do you approach mitigating them?
"I would start with which is probably fairly obvious to the listeners, is that there's just been an exponential growth of data"
- Michael
Michael -> In the realm of cyber risk management, large organizations face a constellation of challenges. The exponential data growth, the intricate landscape of partner dependencies, and ever-advancing attack sophistication demand meticulous asset inventory and a network of fortified protections. As attack inevitability looms, the focus shifts to cultivating responsive capabilities. Moreover, the evolving regulatory milieu underscores the need for close collaboration between cybersecurity and legal teams to ensure compliance across global domains. Fostering a security-oriented culture within the organization, heightening employee awareness, and continuous communication with leadership and boards stand as crucial measures. In this dynamic landscape, adaptive strategies, comprehensive plans, and constant vigilance emerge as linchpins for effective cyber risk mitigation.
"Build a culture of security in your organization. Make sure you engage your employees as part of your cyber security programs to create that awareness that will help you protect your organization against threats"
- Michael
Rostow -> In today's rapidly evolving threat landscape, cybersecurity is a shared responsibility between IT teams and leadership. How do you ensure effective communication and collaboration between technology leaders and the boardroom to present cybersecurity insights in a way that aligns with their expectations and addresses cyber risks effectively?
"I always approach these conversations in the form of factual stories that management and the board understand and love to hear"
- Michael
Michael -> Fostering effective communication and collaboration between technology leaders and the boardroom is paramount. To align with the board's expectations and address cyber risks adequately, a strategic approach is key. Begin by translating complex cybersecurity concepts into quantifiable metrics. Simple yet illustrative Key Performance Indicators (KPIs) like phishing test outcomes and filtered threat emails resonate well with boards. Utilizing roadmaps that connect sensitive assets, risk insights, and prioritized cybersecurity initiatives aids in clarifying risk management strategies.
"Financial aspects are crucial; presenting risks in monetary terms offers a clear perspective on potential impacts and facilitates decision-making, particularly for CFOs"
- Michael
Finally, maintain a balanced approach—avoid alarmism, provide balanced insights on pros and cons of investments, and present facts. By weaving stories with numbers and adhering to these principles, technology leaders can effectively convey cyber risks to the boardroom, ensuring a proactive and collaborative cybersecurity strategy.
Rostow -> Bridging the gap between technology leadership and cyber risk management can be complex. How do you foster a cybersecurity-aware culture within your organization, and what measures do you take to ensure that technology leaders are equipped to make informed decisions to protect against cyber threats?
Michael -> Fostering a cybersecurity-aware culture requires simplicity and collective responsibility. Every employee plays a role in effective cybersecurity. Regular training, especially with phishing tests, boosts awareness and empowers employees to identify threats. Recognizing proactive measures further motivates a proactive stance. Widespread communication, including sharing best practices and real-world incidents, engages everyone, bridging the gap between technology leadership and cyber risk management. This straightforward approach not only enhances cyber vigilance but also equips technology leaders to make well-informed decisions against evolving cyber threats.
"Talk about cybersecurity to all employees, don't just talk to yourselves or to the IT organization, share short videos that illustrate best practices, shared information about current events and cyber, maybe incidents that have been reported that have affected other companies and the impact to their organization"
- Michael
Rostow -> What role do you see technology and automation playing in addressing some of these challenges? How can leveraging advanced technologies enhance cyber risk management processes and help organizations stay ahead of evolving threats?
"I think organizations should really be thinking now today how they are going to embed AI models and AI services into their cybersecurity processes"
- Michael
Michael -> Advanced technologies, especially AI, are primed to transform cyber risk management. AI's real-time insights can pinpoint risks and guide resource allocation, enhancing protection and detection. It equips organizations to detect subtle threats and respond effectively. The evolving threat actors' patience and tactics necessitate proactive measures. Embracing AI not only keeps pace but empowers organizations to anticipate, counter, and mitigate cyber risks in the ever-changing digital arena.
Alfahive makes understanding cyber risk more meaningful. Our cyber risk automation platform is a SaaS solution to help organizations automate assessment, quantification, and prioritization of cyber risks. Our platform enables organizations to achieve efficiency gains and cost savings by automating their cyber risk management decisions.
