In this interview, Sascha Maier, Group CISO of the SV Group, a leading gastronomy and hotel management group based in Zurich, and Member of the Advisory Board of the Swiss Cyber Institute, shares his insights on how to communicate cybersecurity ROI to all stakeholders, key trends in cybersecurity, and his three reasons for attending the Global Cyber Conference. Read his full interview below.
A former IWC Schaffhausen CISO, Sascha Maier was a panelist in the session “Security incident management: key lessons from industry leaders” together with Laurens Binken from Shell, Shawn Bowen from World Fuel Service, Stuart Seymour from British American Tobacco, and Linus Plum from Software AG at the Global Cyber Conference 2022.
What types of cyber threats are the most complicated to detect?
There is no single answer to this question, as the variety of attacks is enormous. Every organization needs as much visibility and detection capability as possible to identify attacks when they occur. A clear incident response process to prepare the entire organization for an attack is also needed.
What advice would you share with cybersecurity leaders when it comes to communicating security investments’ ROI to key stakeholders?
Focus on the business benefits and risk mitigation. Don’t talk about the technical solution itself. Most people don’t understand and are confused. I often use the four pillars of ROI:
- This investment will save us money by reducing ongoing costs
- This investment will help us meet contractual obligations or industry or government regulations
- This investment will reduce our business risks (by reducing probability, impact, or both)
- This investment will enable us to take advantage of new business opportunities
What do you predict to be key trends in cybersecurity over the next 3 to 5 years?
Just look at the Black Hat USA conference that just ended. Almost all the talks were about security in the cloud. That topic is going to dominate the agenda quite a lot.
The power of machine learning in security products is an additional topic. This is where I see a lot of potential in the next few years to make our lives easier in terms of detection and dealing with large environments.
Lastly, could you please share your top 3 reasons for attending the Global Cyber Conference?
Internationality. It’s absolutely fantastic to have so many international experts on site! I’m looking forward to meeting people I haven’t seen for several years.
Inspiration. We, security professionals, should constantly be on the lookout for new inspiration and views on the most important issues in our daily lives.
Networking. Local events are important and good, but international events bring a lot of good people together and the quality of networking is tremendous.