Blog

Rising Strategic Role of the CISO

The CISO's strategic role is growing due to advocacy, generative AI, and rising cyber threats. Deloitte's survey shows 73% of organizations increased CISO involvement in technology discussions. Factors include board participation in risk management, pandemic-driven resilience, and tech-business fusion. The CISO role has evolved to integrate cyber risk and business operations, emphasizing cybersecurity as a growth asset. This trend drives cyber maturity, with mature organizations expecting better outcomes. The CISO's alignment with business strategies enhances revenue and competitiveness.

https://www2.deloitte.com/us/en/insights/topics/strategy/ciso-and-cybersecurity-strategy.html

Are CISOs Struggling to Get Respect?

CISOs face challenges in gaining respect and effective support from executive leadership, risking a potential mass exodus. While cybersecurity budgets may exist, a lack of commitment to processes can leave CISOs struggling to justify investments and support business objectives. Communication, relationship-building, and creating a culture of security are essential for CISOs to succeed. Engaging with employees and demonstrating security's value can foster support from the entire organization, ultimately leading to stronger governance and security postures.

https://cisoseries.com/are-cisos-struggling-to-get-respect/

Cyber Resilience Redefined

The UK Cyber Resilience Act (CRA) aims for stronger board accountability in cybersecurity, paralleling the EU's NIS2. The CRA needs clearer guidelines on supply chain security, incident response, and penalties. Analysts urge proactive security strategies amid AI threats. Effective legislation should evolve with threats, incorporate stakeholder insights, and focus on business continuity and recovery post-breach. Final outcomes of the CRA could impact the UK's cyber resilience and compliance landscape.

https://cybernews.com/security/c-suite-cybersecurity-breaches/

Powering Shopify’s High-Performance, PCI DSS V4 Compliant Checkout With Sandboxing (2025)

Shopify’s new checkout system complies with PCI DSS v4, utilizing sandboxing to enhance security and streamline compliance for merchants. Key aspects include isolating untrusted code, maintaining a managed environment for custom scripts, and implementing anti-skimming protections to safeguard sensitive data. The architecture supports performance, security, upgradeability, and compliance without additional merchant effort. PCI DSS v4 introduces stricter requirements, but Shopify handles complexity, allowing merchants to focus on business growth.

https://www.shopify.com/partners/blog/checkout-compliance

Navigating AI Regulation on Both Sides of the Atlantic

The EU and US have differing AI legislation paths: the US eases regulations for innovation, while the EU prioritizes societal risks with the AI Act. Companies face challenges navigating these regulations, which can hinder development. Experts suggest embracing self-regulation for low-risk AI applications and seeking external guidance to manage compliance effectively.

https://www.tietoevry.com/en/blog/2025/02/navigating-ai-regulation-on-both-sides-of-the-atlantic/

EU AI Act Unpacked #22: Key Considerations for Employers as Deployers Vs. Providers Under the EU AI Act

The EU AI Act defines roles for employers as either deployers or providers of AI systems, impacting their obligations. Deployers use existing AI systems, while providers modify or use systems significantly. Employers must understand compliance requirements, especially for high-risk AI applications, including monitoring, transparency, and data protection. Employers must ensure AI literacy among users, effective February 2025. The classification of deployer versus provider can change based on actions taken with the AI systems, necessitating careful assessment.

https://www.lexology.com/library/detail.aspx?g=11f71f6b-e110-4e8c-bcc4-183c38ec9746

Tech Giants Push Back at a Crucial Time for the EU AI Act

Tech giants are opposing the EU AI Act, which is notable for its general principles without implementation details. Key compliance requirements are detailed in a forthcoming Code of Practice, which faces delays that some attribute to industry pressure. Major companies like Meta and Google challenge the regulations, arguing they hinder competitiveness and seeking changes. Concerns center around copyright in AI training and independent risk assessments. The fight over the AI Act highlights the balance between innovation and safety as global regulatory actions intensify.

https://www.pymnts.com/artificial-intelligence-2/2025/tech-giants-push-back-at-a-crucial-time-for-the-eu-ai-act/

CIS Benchmarks

CIS provides cybersecurity benchmarks for various platforms, aimed at helping organizations mitigate threats. These include configuration guidelines for over 25 vendor products, tools for assessing compliance, and a variety of resources like the CIS SecureSuite and webinars for implementation support. Membership benefits include access to exclusive tools and community development.

https://www.cisecurity.org/cis-benchmarks

What CISOs Need From the Board: Mutual Respect on Expectations

CISOs need mutual respect and understanding from their boards to effectively navigate cybersecurity challenges. Boards require CISOs to communicate risks clearly and ensure compliance with regulations while maintaining transparency. In turn, CISOs need strategic support, accountability, resources, and the board's involvement in shaping security culture and direction. A collaborative relationship enhances organizations' ability to address cybersecurity risks effectively.

https://www.csoonline.com/article/3829678/what-cisos-need-from-the-board-mutual-expectations-respect.html

Council Post: The Growing Cybersecurity Skills Gap: a Breach Waiting To Happen

Cybersecurity faces a severe talent shortage, risking sensitive data and systems as organizations struggle to find qualified professionals. Nearly 90% of leaders attributed breaches to this skills gap, with over 700,000 roles unfilled. Human error causes 88% of breaches, highlighting the need for effective training. To address this, companies should invest in enhanced education, role-based training, and automation. Utilizing gamified, hands-on training can engage potential talent and effectively prepare them for real-world threats, helping to bridge the skills gap and improve cybersecurity defenses.

https://www.forbes.com/councils/forbestechcouncil/2025/02/26/the-growing-cybersecurity-skills-gap-a-breach-waiting-to-happen/
