CISOs are trained to fix problems. Lawyers are trained to find them. The two must work together to address complex challenges like breaches, compliance, or the ethics of emerging technologies.

There’s a joke that’s been floating around boardrooms for years: “What’s the difference between lawyers and engineers? Lawyers don’t think they’re engineers.”

This light-hearted jab highlights a fundamental difference between the two professions. Engineers, and by extension CISOs, focus on building and fixing things, learning a wide array of skills, sometimes sticking their hands into technologies nobody trained them to handle. Lawyers, on the other hand, aim to find problems, navigate gray areas, and anticipate risks.

While these differences might seem like a recipe for conflict between the two professions, they can often lead to a strong partnership. By combining their skills, these two groups can navigate the ever-evolving intersection of technology, innovation, and regulation.

“Cybersecurity and data breaches are not just technical issues,” says Michael Welch, former CISO and managing director at MorganFranklin Consulting. “They can be intertwined with legal, regulatory, and reputational risks that require a collaborative, proactive approach.”

While the relationship between CISOs and their legal teams is essential, things don’t always go smoothly. Differing priorities and communication gaps can create tensions or even lead to conflict. However, strengthening this partnership is not just beneficial — it’s critical for the organization’s ability to manage risks and respond to complex cybersecurity and compliance challenges. And CISOs can do a few things to make this partnership work.


Source: https://www.csoonline.com/article/3811937/cisos-stop-trying-to-do-the-lawyers-job.html