
Reporting Structures, BYOD policies, Cyber Insurance, and Outsourcing

Peer Roundtable for Senior Security Leaders Executive Recap 3/20/24

Based on the transcript and protecting attendee identity, here's a summary of the Senior Security Leader cohort discussion during the Peer Roundtable on March 20, 2024. This executive summary captures the essence of the discussion, focusing on the major themes, challenges, and potential solutions discussed by the participants.


The Peer Roundtable discussion focused on various cybersecurity challenges, reporting structures, and strategies within the industry. Participants included senior security leaders from diverse backgrounds sharing their experiences and insights.

Key Discussion Points

• Reporting Structures and CISO Role Evolution:

  - Debate on whether the Chief Information Security Officer (CISO) should report to the Chief Information Officer (CIO) or have a direct line to the CEO.

  - The evolving role of the CISO in light of new regulatory expectations and the need for increased visibility at the executive and board levels.

  - Considerations for startup versus established companies in structuring the reporting line of the CISO.


• Bring Your Own Device (BYOD) Policies:

  - Challenges of implementing effective BYOD policies in a remote-first company environment.

  - Strategies for managing and securing personal devices used for business purposes, including mobile application management (MAM) and virtual desktop infrastructure (VDI).


• Cyber Insurance and Liability:

  - Discussion on the importance of Directors and Officers (D&O) insurance and Errors and Omissions (E&O) insurance for cybersecurity leaders.

  - The impact of the SEC's focus on cybersecurity disclosures and governance on insurance requirements.

 

• Outsourcing and Managed Service Providers (MSPs):

  - The role of MSPs in cybersecurity strategy and the potential challenges in oversight and control.

  - Personal experiences with MSPs and the shift towards outsourcing cybersecurity functions.

Actionable Outcomes

• Enhanced Reporting Structures:

  - Propose changes to reporting structures that provide CISOs with the authority and visibility necessary to effectively manage cybersecurity risks.


• Comprehensive BYOD Policy Development:

  - Develop and implement a robust BYOD policy that includes encryption, secure access, and application management to protect company data on personal devices.


• Cyber Insurance Review:

  - Review and possibly enhance cyber insurance coverage to ensure it aligns with the evolving cybersecurity landscape and regulatory requirements.



• MSP Management Strategy:

  - Create guidelines for managing relationships with MSPs, ensuring clear communication of cybersecurity policies and procedures.

Leveraging Outsights (what others know)

This peer roundtable proved invaluable in fostering dialogue among senior security leaders, highlighting the importance of adaptability, collaboration, and strategic foresight in navigating the evolving cybersecurity landscape. You are encouraged to leverage the outsights gained in these discussions to enhance your insights into your organization's security posture and prepare for the challenges ahead.

Cyberthreat Case Study Deep Dive

Tuesday, April 9, 2024, at 1:00 PM Eastern.

Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the several-year hacking timeline and a high-level overview of how it happened and mistakes that could have been avoided.


Learn:

  • How to be prepared when the “s” hits the fan

  • How to be the successful CISO at the time of the storm

  • The most important things to do to prevent a cyberattack in the first place


Next Peer Roundtable Cohort

Wednesday, April 17, 2024, at 1:00 PM Eastern


Resources

  • Security Value Creation Pyramid: A framework for layering security initiatives in corporate settings, inspired by Maslow's hierarchy of needs. Provides a structured approach to prioritizing foundational safety measures and advanced value-creation strategies.

  • Should CISO Report to CIO: What is essential regardless of the reporting structure.

  • Enterprise Cybersecurity in Digital Business, by Ariel Evans: Guides CEOs, CISOs, and compliance managers on setting goals and addressing cybersecurity gaps within organizations.

  • Evidence-Based Cybersecurity, by Pierre-Luc Pomerleau and David Maimon: Introduces an evidence-based approach to enhancing cybersecurity operations relevant for security professionals and policymakers.


    Copyright © 2020- Peer Roundtables. All Rights Reserved