Cyber security is about what you can do — not what you can’t. The threat landscape is expanding. Cybercriminals are as entrepreneurial as ever and using increasingly sophisticated tools and technologies. In this fluid environment, Chief Information Security Officers (CISOs) and their teams should adopt a mindset of enablement — cyber security is no longer just about prevention.

CISOs must wear multiple hats simultaneously, but they can't be everywhere at all times. While it’s important to remember the oft-heard maxim, “security is everyone’s job,” it’s even more critical to recognise that security is key to building and maintaining customer, client and stakeholder trust.

This paper focuses on eight core topics that CISOs should prioritise at the C-suite and boardroom levels. These themes, along with a focus on a constantly evolving environment, can help executives better understand how cyber can support the business with a security plan based on shared accountability. 

Henry Shek
Partner, Cybersecurity Advisory
KPMG China

Richard Zhang
Partner, Cybersecurity Advisory
KPMG China

Frank Mei
Head of Governance, Risk & Compliance Services, China
KPMG China

Alva Lee
Head of Governance, Risk & Compliance Services, Hong Kong
KPMG China