06 Sep How C-Level Executives Can Simplify Cyber Readiness
Embracing digitization across various industries has led businesses to invest more in cyber tools. PwC notes that more than 25% of 1,638 technology and security executives are expecting double-digit growth in cyber budgets in 2022.
Moreover, cybersecurity demand has been rising as high-profile cases of cyberattacks have been more prominent since the pandemic. Healthcare has been a target of ransomware attackers. For example, in June, Shields Health Care Group, a Massachusetts-based service provider, reported a data breach affecting 2 million patients.
In addition, Crypto.com suffered a serious data breach as well. At the beginning of 2022, the cryptocurrency giant lost 18 million dollars of Bitcoin and 15 million dollars of Ethereum. Although the company had security measures in place, the attackers used a simple method to get the job done.
Digitization may have brought about business continuity across many organizations, but cyber attackers have taken notice of its popularity and have put more effort into identifying the digital Achilles’ heel of different organizations.
As digital connections grow rapidly, the processes of managing and maintaining all these connections become more complex. This raises the question of whether a company is now too complex to secure. In fact, 75% of PwC’s survey respondents mention that the increasing complexities of digitization pose cyber and privacy risks.
Though the sentiments of technology and security executives are reasonably valid, they also understand that these complexities are necessary for business growth. So the best response is to consciously streamline cyber operations and processes to protect an organization’s cyberspace.
Fortunately, PwC’s 2022 Global Digital Trust Insights Survey offers the C-suite a guide to simplifying cyber with intention. Global mobility professionals need to be cognizant of this survey, because they deal with C-level executives.
Here’s what they need to know based on these four questions and discussions:
Can the CEO make a difference in the organization’s cybersecurity?
It’s one thing to identify cyber goals, but it is another thing to be involved in achieving those goals.
Chief executives ranked cyber threats among the top 2 risks to businesses in PwC’s 24th Annual Global CEO Survey. However, in the Global Digital Trust Insights Survey, PwC discovered a possible “expectations gap” for cyber. CEOs perceived that they were more involved in setting and achieving cyber goals than their teams perceived them to be. Some non-CEOs, however, rated their CEOs as more reactive than proactive concerning cyber issues.
If CEOs persist in instilling this false sense of organizational security, it can end in disaster. That’s why CEOs need to openly collaborate with executives and others in the C-suite in support of cyber strategies.
Key takeaways for the CEO:
- CEOs should frame cybersecurity in the organization as an essential part of business growth and customer trust.
- CEOs should demonstrate trust and support toward the CISO.
- CEOs should deal with cyber problems and risks and change what needs to be changed.
Key takeaways for the CISO:
- Be familiar with the business strategy.
- Build a stronger relationship with the CEO and sustain the dialogue with the CEO.
- Acquire the necessary skills to thrive in the evolving role of cyber in the organization.
Is the organization too complex to secure?
With all the complexities driven by anything digital, it can be difficult to process them all while handling the tasks already at hand. PwC discovered that CEOs were the most worried about the complexity, particularly the crossover from IT to operational technology.
The costs of having unnecessary complexities are not clear. But when cyber attacks do occur, the gravity of the threat is evident. It was found that companies with great cybersecurity results were 5x more likely to possess streamlined enterprise-wide operations.
Cloud transformations are suggested for simplification. They are the top investment priority of PwC’s respondents, who seek the cloud’s ability to simplify processes and IT architecture.
PwC recommends that operational and transformation leaders ask each business executive what the cyber plan is and ignite operational and cultural change. For CISOs and CIOs, the firm suggests assessing whether the current information that they have is necessary. If it is not, they should eliminate the things they don’t need for now.
Is the organization cyber-secured from the most important risks?
Less than a third of organizations use data and intelligence when making decisions. Those that had top-notch cybersecurity outcomes over the past two years are 18x more likely to claim that data and threat information are essential to their operating model.
To make better-informed decisions, organizations need to make sure that the foundation of their data is robust. That’s why businesses are now investing a whole lot in data-security technology. They understand why information is such a valuable asset.
Given the importance of identifying cyber risks, here are some key takeaways for the C-suite:
Key takeaways for the CFO:
- Work with the CISO in addressing cybersecurity through a risk-based approach so that cyber budgeting will be aligned to business objectives.
Key takeaways for the CISO:
- Ensure that there is a strong data-trust foundation.
- Create a clear roadmap from cyber risk quantification to cyber risk reporting in real time.
- Simplify the identification of cyber risks and all the processes intertwined with them.
How well do organizations understand the risks posed by third parties and the supply chain?
Organizations must not overlook the cyber risks that come along with partnerships. Only 40% of survey respondents report that they understand the risks of data breaches through their third parties by using enterprise-wide assessments.
Through an organization’s third-party partnerships, cybercriminals have found a new channel into an organization’s data. They have even used something as simple as a third-party software update, a seemingly harmless process from partners, as a means to penetrate an organization’s private information.
Key takeaways for the COO and the supply chain partners:
- Map out a clear system with the most critical relationships, and use a third-party tracker to identify the weak links in your supply chain.
- Inspect software vendors against the performance standards you demand.
- Identify methods to simplify business relationships and the supply chain.
Key takeaways for the CRO and CISO:
- Ensure that the organization can detect, resist, and respond to cyberattacks through its software.
- Create a third-party risk assessment team to coordinate the activities that manage third-party risk areas.
- Educate the board about the risks posed by third-party partnerships.