ING: Embedding Security From the Ground Up

Debbie Janeczek of ING expanded on the evolution of cybersecurity leadership and why the next-generation CISO must operate far beyond traditional tech boundaries. For Janeczek, the future of security isn’t about reacting to threats or policing decisions after the fact — it’s about ensuring cybersecurity is embedded from the very foundation of the business, woven into every strategic initiative, every product, and every customer touchpoint.

She explained that as CISOs become more strategic, their role is shifting from overseeing technology to understanding the full business ecosystem. Instead of discovering new projects late in the development cycle — when security fixes are costly, complex, and confidence-damaging — security must be involved from day one. Whether the organisation is launching a mortgage product, expanding into new regions, deploying new digital journeys, or integrating third-party platforms, the next-gen CISO ensures that secure design principles guide decisions at the earliest stages.

This pre-emptive approach builds something that technology alone cannot: trust. And trust, Janeczek stressed, is at the heart of modern cybersecurity. When security teams help shape new initiatives from the beginning, internal stakeholders — product managers, engineers, operations teams, customer-facing units — feel supported instead of restricted. That inside-out trust then flows directly to customers, who rely on the bank to safeguard their money, identity, and data.

Janeczek also highlighted that a next-generation CISO sees the entire company as their customer. The security function serves every department, helping them innovate confidently rather than slowing them down. By embedding security early, teams avoid the “bolt-on security” problem — the last-minute scramble where security becomes an obstacle rather than an enabler.

This shift positions cybersecurity as a value creator, not a cost centre. When internal teams trust the security organisation, they consult earlier, collaborate more closely, and build more robust products. Externally, customers feel the benefits through resilient journeys, reduced friction, and a sense of safety baked into every interaction.

For ING, the CISO of the future is no longer simply a guardian of systems. They are a strategic business partner, enabling innovation while ensuring that trust and security remain foundational to everything the organisation builds.