Bernard Munyaradzi Chadenga, The Cimplicity Institute

With rising cyber security threats, such as ransomware and data breaches, there is an increasing demand for stronger security discussions at the boardroom level.

That’s according to Bernard Munyaradzi Chadenga, virtual CISO (Chief Information Security Officer) at the Cimplicity Institute, who recognises that to achieve this, the CISO’s focus and approach needs to change.

According to Chadenga, in many African markets, cyber security has historically not been viewed as an autonomous discipline, as CISOs frequently report to finance or IT operations.

But, he believes, there’s a need for the CISO to increase their strategic influence.

Chadenga says: “With rising cyber security threats—such as ransomware and data breaches—there is a growing need for a stronger cybersecurity presence at the executive level.

“Traditionally, cyber security was viewed as a cost centre, but modern CISOs must now demonstrate how security can drive business growth and not just business resilience.”

To achieve this, he says cyber security leaders must increase business alignment and shift from ‘checklist security’ to enabling growth.

The framing of conversations is key to this, he adds. “Aspects such as translating risk conversations into business terms for the board, what do they need to know? And, what are you telling them? How is your role as a CISO impactful to the businesses bottom-line? Boards speak Earnings Before Interest, Taxes, and Amortisation, what language are you using?”

The metrics used by CISOs must also be re-valuated, he says.

“It’s no longer enough to measure success by the number of blocked attacks. Instead, cyber security leaders must align their work with business goals, understand their organisation's products and operations, and contribute to profitability,” he says.

Chadenga is one of the keynote speakers at the upcoming ITWeb Security Summit 2025, which will be held in Johannesburg on June 3 and 4 at the Sandton Convention Centre.

In addition to tackling the above issues, he will also address the issue that cyber security challenges differ by country, and how collaboration across borders is essential.

“Cyber threats in Zambia may not be the same as in Namibia, but sharing insights and strategies can strengthen the entire region.

“This discussion will be about empowering CISOs to enhance their impact, engage meaningfully with executives, and position cybersecurity as one of the core functions in the business strategy, and with a view of all of SADC and most of Africa, we can share key takeaways on how other industries and sectors are adding value and defining success.”

The event will be held in Cape Town on 27May and in Johannesburg on 3-4 June

For more information and to register for Cape Town, click here, and for Johannesburg click here.