The CISO’s newest responsibility: Building trust

Trust is becoming a differentiator in the marketplace, and CISOs who seek a more strategic role in their organizations must engage the full range of stakeholders to build confidence that the organization has their best interests in mind.

Kirsten Davies had a tough task: get her company’s European workers to adopt new security protocols that they feared could be used to spy on them.

Davies, who at the time was the deputy CISO of HPE, needed to get the company’s employees onboard with various new tools and policies just as the European Union was gearing up to enact the General Data Protection Regulation (GDPR), its sweeping set of privacy rules. But workers feared that the security tools could be used by the company for surveillance, and they questioned whether the security tools’ capabilities could violate their own privacy.

To tackle those concerns, Davies traveled through Europe, meeting with workers councils to lay out the risks facing the company and the importance of the tools being introduced. She started in Germany, where Davies, a native English-speaking American, used her fluency in German to build rapport.

The goal, Davies explains, was to get the workers to understand how the new tools protected them and the company, and why they were so critical. She succeeded, creating a Cyber Security Master Agreement with the German Workers Council that became a model for similar agreements across HPE’s 20-plus overseas Works Councils.

“That first-ever cybersecurity agreement let us have a trusted agreement on both sides, to say that we’re working in partnership to protect the company,” Davies says.

Davies, now senior vice president and CISO of The Estée Lauder Companies Inc., a multinational maker and marketer of numerous beauty product brands, says her experience in 2016 with those worker councils coincided with a new responsibility within the security function: convincing various constituents that they can trust the organization and its leaders to do right by them when it comes to data security and privacy.

“Trust is a bit evolutionary right now, but it’s the expectation that transactions with us are secure, stable and authentic,” Davies says.

CISOs, like CIOs, their IT counterparts, have seen their roles evolve, moving from a managerial one focused on tactical deployments to an executive position engaged in strategy. Now the CISO position is evolving even further, into one that engages the full range of organizational stakeholders – from customers and business partners to employees and board members – to build confidence that the organization has their best interests in mind when it comes to cybersecurity.
