A more pragmatic boardroom approach to tackling the cyber threat
Organisations across the world have made strides in remote working and collaboration during the COVID-19 pandemic, but the proliferation of digitisation is creating significant new cyber threats that require radical cultural change at boardroom level.
In the Australian market, where speed is critical and regulatory and legislative requirements are increasing, cyber security teams play a critical role.
Cyber security teams are responsible for building trust and resilience, forging a pragmatic security culture, and helping embed secure-by-design thinking into every aspect of digital infrastructure and data. To do this, they must be enablers and facilitators, helping others deliver services and brands that deserve cyber trust amongst customers, employees and society at large.
A new KPMG report, From enforcer to influencer: Shaping tomorrow’s security team, calls on business leaders to ensure cyber security specialists are part of the C-suite decision-making process, with digitisation at the heart of their future growth strategies.
Here are seven key recommendations:
- Act like you belong in the C-suite
Chief Information Security Officers (CISOs) must speak their language, building consensus, demonstrating pragmatism and navigating politics to help leaders understand the cyber implications of their strategic choices. CISOs are becoming public figures, serving as the face of the firm to help build trust and confidence.
- Broaden horizons
CISOs’ responsibilities are broadening to include safeguarding data, dealing with disruptive events to maintain operational resilience, managing third parties, handling regulatory compliance, and helping to counter cyber-enabled financial crime. This demands they forge strong working relationships with other leaders within the organisation, including the Chief Risk Officer (CRO), the Chief Data Officer (CDO) and, of course, the Chief Information Officer (CIO).
- Weave cyber security into the organisational DNA
Today’s CISOs should be sophisticated communicators, working with other business leaders to embed cyber security into the DNA of the organisation. This involves integrating security into governance and management processes, education and awareness, plus establishing the right mix of corporate and personal incentives to do the right thing.
- Shape the future cyber security workforce
CISOs will have to acquire capabilities from outside the organisation, build new partnerships and look for unconventional and diverse talent. In future, we may even see the cyber function becoming far smaller, taking on a strategic and governance role, with cyber security being truly embedded into the business.
- Embrace automation as the rising star
Automation can reduce the manual workload and ease skills shortages, bringing in greater efficiency and helping meet growing compliance requirements in a consistent and repeatable way. It can also help embed security and improve the user experience, as well as reduce the time to respond to a major cyber incident.
- Brace for further disruption
We are heading towards a hyperconnected world in which the IoT and 5G networking will massively increase efficiency and enable radically different business models. But this also opens organisations to new attack surfaces and raises privacy concerns — demanding a shift to new, data-centric security models such as zero trust.
- Strengthen the cyber security ecosystem
Organisations are now part of a complex ecosystem of suppliers and partners, tied together through shared data and shared services. Conventional contracts and liability models seem ill-suited to the rapidly evolving supply chain threat, calling for a new partnership approach that brings security to all parties and individuals.
CISOs must see themselves as enablers and facilitators, helping others deliver services and brands that deserve cyber trust among customers, employees and society at large. The digital world is part of everyone’s daily life; with the pandemic heightening its importance, trust in the robustness and security of systems will make their role more visible and more important.