Companies need a CIO and CSO with equal footing. "The CIO needs to address uptime availability while the CSO communicates the proper security metrics to the executive team," says Cole.
In addition to bringing on a CSO who can talk to the executives, the board should bring on a board member who understands security. "Three years ago, no one was asking me to be on their board of directors. This year, I've been asked to sit on four boards because they want someone who understands security and can translate it for them," says Cole.
The outcome should be the ability to better contain breaches and minimize damage. "If any of the large retail organizations get breached this coming year, but they catch it in a few days and contain the damage, they will never make the headlines," says Cole.
The issue is not whether someone has breached them, but the degree of damage. "That's what executives miss. Breaches happen all the time that never make it to the news," says Cole.
Sign up for CIO Asia eNewsletters.