CISOs look to deputies, business-wide culture change to mitigate risk

By Tracy Burrows, ITWeb contributor.
Johannesburg, 06 Jun 2025
CISOs from leading enterprises participated in the Fireside Chat with CISOs at the ITWeb Security Summit in Sandton this week.

Chief information security officers (CISOs) at leading enterprises are feeling overwhelmed in the face of an onslaught of increasingly sophisticated attacks, prompting them to look to new approaches, such as deputising CISOs throughout the business to mitigate risk.

This emerged during the Fireside Chat with CISOs at the ITWeb Security Summit in Sandton this week.

The panel, moderated by Marina Bidoli, partner at Brunswick Group, included Zaid Parak, group CISO at Discovery; Sithembile Songo, group head: information security at Eskom; Itumeleng Makgati, divisional executive: group technology at Nedbank; and Kerissa Varma, chief security advisor at Microsoft.

Parak said given the explosion of emerging threats, “every CISO is feeling overwhelmed in the face of AI and GenAI risks, growing third-party risk, and the ‘slow-moving tsunami’ of quantum computing coming. It’s becoming a lot harder for CISOs to keep up with all these elements. It’s no longer just about technology – we are also becoming compliance officers and risk officers.”

Makgati added that in highly regulated sectors such as the finance industry, regulators were trying to keep up, but the environment changed faster than the regulations could.

Songo said in her environment, operational technology (OT) is a challenge: “Our core business is OT, but OT wasn’t designed with cyber security in mind. The current regulations don’t align with rapidly changing risk, and this hampers our ability to evolve quickly and mitigate new risks,” she said.

Varma said: “Like most major organisations, we are under attack every day. We have come to the realisation that our security team can’t be everywhere at all times. We have information security officers and cyber security officers that sit as part of the CISO team in business, but we’ve gone further than that – we have deputised CISOs in every line of business. We also incentivise and drive people to make everyone a cyber security advocate.”
