Embracing digitisation means evolving role for cybersecurity

To find out more about how cybersecurity roles are evolving, KPMG spoke to a number of Chief Information Security Officers (CISOs) from major organisations

Organisations across the world have made changes to allow for remote working during the COVID-19 pandemic, but the proliferation of digitisation is creating significant new cyber threats that require radical cultural change at the boardroom level.

Cybersecurity is now a common topic of boardroom debate. In the KPMG 2021 CEO Outlook Pulse Survey, cyber risk was ranked as the number one organisational threat by global CEOs, with data security taking a priority over all other technology investments. 

A new report from KPMG ‘From enforcer to influencer: Shaping tomorrow’s security team’ is calling on business leaders to ensure cyber security specialists are part of the C-suite decision making process, with digitisation at the heart of their future growth strategies.

 

Helping address cybersecurity issues

The report offers seven key recommendations to IT leaders and Chief Information Security Officers (CISOs):

 

  1. Speak the language of the board by thinking in terms of customers, revenue, costs and return on investment.
  2.  Focus on operational resilience: keeping the lights on and getting back to normal quickly following a crisis. 
  3. Invest time in building a network within your organisation, visiting different functions, learning how they operate and gaining trust that you want to enable — safely — and not just say ‘no’. 
  4. Think about shaping a workforce to the cyber needs of the business — as opposed to permanent roles and structures. 
  5. Consider the ratio of employees to contractors and gig workers. Build a business case for automation, reflecting the efficiencies it brings and the value added from workers who are freed up for higher-level tasks.
  6. Work out what zero trust means for your business and see this as an ongoing philosophy rather than a one-off programme. 
  7. Find ways to reach out to peers in your sector, either joining existing industry bodies or forming less-formal groups.

 

Creating trust and delivering security 


 

Fred Rica, Principal, Cyber Services, KPMG in the US, said: “Organisations have made incredible strides in remote working and collaboration for employees, as well as improving digital customer experience. But this has also reminded us that physical perimeters no longer exist. With increasing reliance on third parties, and the proliferation of Internet of Things (IoT) and other devices, cyber security now involves complex ecosystems with a dramatically increased threat potential.

“In a marketplace where speed to market is essential, cybersecurity teams are now responsible for building trust and resilience, by forging a pragmatic security culture and helping embed secure by design thinking into every aspect of digital infrastructure and data. To do this, they must see themselves as enablers and facilitators, helping others deliver services and brands that deserve cyber trust amongst customers, employees and society at large.”

As CISOs move forward and address the ever-evolving cyber threat landscape, they must balance many responsibilities, formally and informally. This means shifting from enforcer to influencer, fostering security awareness, and building vital relationships with peers. 

 

Share

Featured Articles

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

TCS partners with Google Cloud to launch a range of AI-powered cybersecurity solutions to help businesses secure their clouds against advanced threats

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cybersecurity Conglomerate Gen quarterly report reveals shocking statistics like the fact that consumers are now increasingly at risk from Ransomware

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Hacking & Malware

Palo Alto Networks Buy IBM's QRadar Assets in Win for SIEM

Network Security