• With heightened cybercrime during the pandemic, CEOs are wising up to the threat.
• Money is not a panacea for cybersecurity; a considered strategy is.
• Cybersecurity strategies must be based on a articulate vision of business goals.
CEOs around the world at present understand the severity and magnitude of the threat that cyberattacks pose to their business organization. This realization comes not a moment too before long: The global cost of cybercrime is said to exceed $1 trillion. At the same time, CEOs are dramatically stepping up their digitization efforts, PwC’s 24th Almanac CEO Survey shows: more than 77% of United kingdom CEOs, for case, expected to increase their investments to do so.
This is all adept progress – simply why has it taken and then long to get to this point? And how practise companies motion more than rapidly toward beingness fully digital while keeping their data, systems and networks rubber?
Cyber gets its due
Since 2015, cybercrime has fabricated the listing of CEOs’ top concerns in PwC’s Annual CEO Survey. In 2020, cyberthreats rank 2d – topped only past pandemics and other health crises – later sitting in the number four position the previous twelvemonth. But in Northward America and Western Europe, cyber is number 1.
Though COVID-19 upstaged cybercrime in this survey overall, the pandemic’s necktie to cyber tin’t exist denied. CEOs in virtually of the earth are feeling the urgency to address both, as malicious actors continue to take reward of vulnerabilities created or exacerbated by the pandemic.
In the The states, near 70% of CEOs said they are “extremely concerned” most cyberattacks. In Asia Pacific and the Eye Eastward, cyber also ranks second on CEOs’ worry listing; in Africa, it comes in 3rd.
The only places where cyberthreats exercise not rank among CEOs’ top concerns are Central and Eastern Europe (CEE) and Latin America. In both regions, digitization of business organization processes is even so in a fairly early stage.
Money is not the answer
If the global pandemic has a argent lining, information technology’south this: in the first 3 months afterward the pandemic’s proclamation in March 2020, many organizations sped upwards their digitization. Half of the CEOs said they plan double-digit increases in digitization investments over the coming three years.
Simply only 31% said their cyber and privacy investments will also rise by double digits. On its face, this might seem to be a concern. After all, the cybercrime economy has flourished simply equally the digital economy exploded.
Then again, money isn’t the merely measure of a cybersecurity program’s effectiveness. More isn’t always better. It’s worse, in fact, if cybersecurity spending is pell-mell and piecemeal without an underlying strategy to guide it.
Concern leaders might think the best manner to solve the cybersecurity puzzler is to simply throw coin at it. Enticed by vendor pitches, they buy ane solution after another without whatever plan. In the process, they may stop upward with a tangled mess of products and services that don’t work together, or technologies that their staff don’t know how to apply finer.
Many tech and security executives – 53% – say they’re not confident that their cyber budgets mesh with the strategy of the enterprise and its business organization units, PwC’s 2021 Global Digital Trust Insights survey shows. They likewise aren’t sure that their organizations’ cyber spending really addresses the risks the company faces and uses solid data as a basis for setting priorities. The good news is this: 44% said they were planning a cyber budget overhaul and improving cyber-adventure quantification.
To meet the challenges of 2021 and beyond, you need to work with your chief data security officer (CISO) to ensure that cyber spending falls in line with an overarching strategy – and that your programme is streamlined and as simple every bit can be. Today’s CISO is part transformational leader and part master tactician, and under your management, they can guide cross-functional teams to ensure that security solutions and systems work together gracefully and effectively to protect the entire enterprise.
What the CEO can do
How you plan to grow should exist the commuter for every plan in the organization, including cyber. Cybersecurity strategies piece of work best when the CISOs crafting them fully empathise their companies’ goals and plans for achieving these business goals.
With a expert understanding of your vision and your company’s business strategy, your CISO can help you lot fully comprehend and mitigate the cyber-risks your organization faces. And your CISO will be able to strike a meliorate balance between complexity and simplicity.
Hither are three examples:
Company A has plans for growth via personalized customer experiences, products and services. Risks to this company might include leaks or breaches of personal information, which could violate privacy laws and diminish consumer trust. However, non collecting and making the best use of customer data poses its own risks; namely, not achieving the growth the CEO envisions. The CISO might prioritize a security strategy centred on consumer identity and access management (CIAM), which uses a suite of solutions to manage business customers’ digital identities securely while enabling the use of data to customize services. The CISO could take advantage of new techniques that enable companies to share consumer and client data while preserving individual anonymity. Confidential computing, for example, encrypts data not simply when it’southward at balance or in transit, merely likewise when information technology’s in utilise. Differential privacy is some other example. Information technology’s a technique to share information about group behaviour while protecting information well-nigh individuals. New privacy-friendly marketing approaches volition depend on such techniques.
Company B aims to abound through the sales of applied science products and services. This arrangement likely faces risks such as components that comprise vulnerabilities or malware via software updates, or breaches of their systems via tertiary-political party suppliers or vendors. This organization volition desire a product-centred security strategy, one that works to secure the software and hardware it manufactures or acquires through its supply chain, equally well equally zero-trust architectures designed to keep bad actors from gaining access to its products or disrupting its supply chain operations.
Company C aims to grow by developing and offering a multifariousness of cloud products, such as developer tools and data analytics. The risks it faces include misconfigurations that could lead to the installation of malware and ransomware, data theft, data loss and denial of service attacks. This company would nigh probable focus its cybersecurity programme on cloud security, using a security controls framework, automated controls compliance, DevSecOps and infrastructure-every bit-code tooling, and other deject-native strategies.
Claiming your CISO to quantify the cyber-risks to your organization and evaluate them confronting other enterprise risks. When yous know which risks are most urgent and why, as well every bit what is existence washed and tin be done to mitigate them, you can make business decisions with confidence that y’all’re helping the enterprise to grow in a fashion that’s safe and secure. Because, when the safety meets the road, the CEO owns all the risks the business faces. The CISO may run the cybersecurity role, merely the adventure-mitigation buck stops with you.
What is the World Economic Forum doing on cybersecurity?
The Earth Economic Forum’s Centre for Cybersecurity is leading the global response to accost systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering gratis and globally accessible training through the Cybersecurity Learning Hub.
Edifice a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Bureau, and the US National Institute of Standards and Engineering, is identifying future global risks from next-generation technology.
Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Manufacture initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than l other companies and international organizations.
Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Free energy, Materials and Infrastructure have been bringing together leaders from more l businesses, governments, civil gild and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for ameliorate IoT security.
- The Forum is also a signatory of the Paris Phone call for Trust and Security in Internet, which aims to ensure global digital peace and security.
Contact us for more data on how to get involved.
At the same time, dare to ask yourself and your CISO how, and where, you can simplify. In 2020, amongst the pandemic and other crises, many CEOs realized the need to streamline every attribute of the business. In the rush to digitize, “more is meliorate” may take seemed similar a good idea, just likewise much complexity just gets in the way: of great client experiences, innovative ideas, agile market place responses, employee satisfaction – and security. If you’re in “simplify” way, brand improved security 1 of the benchmarks of your success.