What's Happening?
Jonathan Monk, CIO at the Institute of Cancer Research, emphasized the importance of executive engagement in cybersecurity at the Gartner Security & Risk Management Summit 2025. Monk discussed how organizations can transition cybersecurity from a purely technical concern to a strategic priority that involves active boardroom participation. He introduced the concept of Protection Level Agreements (PLAs) to quantify security measures, allowing executives to make informed decisions about cybersecurity investments. This approach aims to balance security needs with organizational friction and costs, ensuring resilience and business continuity. Monk's strategy involves transparent communication of security controls, enabling executives to understand and invest in cybersecurity measures effectively.
Why It's Important?
The shift towards executive involvement in cybersecurity is crucial as cyber threats become more sophisticated and regulatory scrutiny increases. By engaging executives in cybersecurity decisions, organizations can ensure that security measures align with business objectives and are adequately funded. This approach not only enhances organizational resilience but also supports business continuity by preventing costly breaches. The Institute of Cancer Research's strategy serves as a model for other organizations, highlighting the need for informed decision-making at the executive level to protect sensitive data and maintain operational integrity.
What's Next?
The Institute of Cancer Research plans to continue refining its cybersecurity strategy by adding new Protection Level Agreements each quarter. This gradual approach allows for clarity in deployment and ensures that security measures evolve in response to emerging threats. As cybercriminals increasingly target the medical research sector, the organization will focus on protecting sensitive data while enabling transparency and data sharing practices. The ongoing dialogue with executives will be crucial in adapting to new challenges and maintaining robust security protocols.











