A few French CISOs attended the first edition of Cyber Security Connect UK. We asked them about the event and how they view the work of British CISOs. Although their opinions differ on this second point, all really appreciated the opportunity to talk with their British counterparts.
Stéphane Tournadre is CISO of the Servier pharmaceutical group
* English/French CISOs: Are they very different?
Yes, there are a few differences. First, there is less personal accountability in France with many decisions taken collectively. But in Great Britain, CISOs can take decisions alone. And British CISOs put the focus on operation rather than strategy. This was the approach of French CISOs in major groups two or three years ago.
* What can you learn from each other?
So many things: French CISOs would do well to be more direct in their decisions. They need to have the opportunity to assume responsibility for their choices, be entitled to make mistakes and learn to accept failure. In some cases, this would simplify decision making. The British are very comfortable with sharing and are permitted to make certain situations public.
On the French side, I think we’re more interested in feedback and discussion. I also see that we have a good degree of maturity with projects well underway like data classification or the opportunity to speak directly to the executive committee. Plus, having clubs like CESIN and CLUSIF in France is very effective and helps to make up for the lack of resources.
* Why come to CSC UK?
Servier is present in 149 countries and one of our major production centres is in Ireland. So as group CISO, I was particularly interested in this first edition.