GenAI was coming. Predictive AI was coming. No . . . wait, it was already here. Anyway, we sit here today focused on the art and the genuineness of the possible.

As we consider and dream of the possible, we sometimes forget the reality of the now. Between the hype around GenAI and the COVID-19 pandemic before that, we sometimes fail to acknowledge that cybersecurity has grown up. Once the dominion of hoodie-wearing basement dwellers, the topic has elevated to the C-suite and beyond. Attacks from the cyberthreat landscape do not just present a technical risk — the ramifications create a risk to the organization itself. In essence, cyber risk equals business risk.

Unlike many other corporate functions, cybersecurity did not develop from the typical path of strategy, goals, policies then tactics. It started in reverse with tactics first, then policies, then goals, and finally to strategy — if it made it there at all. The result is that formal strategy is really more of an amalgamation of small tactical decisions over time. This opportunistic cybersecurity strategy creation makes it challenging for organizations that are looking to create competitive advantages with AI. Thus, security needs to evolve from the tactical to the strategic, from being reactive to being proactive, from being an inhibitor to an enabler.

Cybersecurity leaders must now think strategically and act as business leaders alongside the executives of their organizations — creating insights, aiding executives in decision-making, and showing an organization’s risk posture are all critical for cybersecurity leaders’ success in today’s fast-changing threat landscape and regulatory environment.

The IDC Technology Symposium & Awards looks to address security in this new reality of security becoming an enabling function for AI-created competitive advantage. We aim to guide you in working with the CEO and board of directors as we transition to delivering secure outcomes and a trusted organization to our executive constituencies.