Over the last few years there’s been a broad attempt to elevate the importance of cyber security at the board level. In 2020 many board members are well aware of the cyber agenda. While they understand the importance of cyber, one of the biggest challenges for security professionals is translating that knowledge into an actionable appreciation for what it actually means to the business.
The landscape as we see it
At many companies, the cyber security team remains a collection of technical, operational compliance professionals, but a transformation is underway into a more strategic, forward-looking resource that employs its worldview to impact business dynamics. Many Chief Information Security Officers (CISOs) and their teams, in many industries, are working to adjust to the changing dynamics of the business and become a trusted and relevant voice at the strategy table. They are also working to visualize the organization’s specific operational priorities and partner with internal business heads to incorporate those insights into the company’s cyber security plan as expeditiously as possible. Another critical security team focus, especially in financial services and health care, is satisfying regulatory requirements in a manner that is efficient from both time and cost perspectives. The skill sets of security professionals continue to evolve. Overall, the core team needs to increase its general business acumen and product knowledge so they can better articulate cyber risk in relation to enterprise risk.
What we believe you should do about it
Security teams need to get off their own island, listen to different perspectives and communicate more with business heads about what the organization really needs to worry about in this evolving ecosystem. For companies that are undergoing a digital transformation—which is most of them—the cyber security team should look to insert itself into the middle of those conversations from a strategic perspective and present itself as the connective tissue between the business, digital, and security. Have common goals.
Identify the type of data the business is planning to place on the cloud. Understand the type of interactions that will be required between the development and production environments—then map those expectations within the security plan.
Work very closely with corporate communications and the teams that are intimately involved with customer experience. Be part of the messaging strategy. Even if a worst-case scenario materializes, ensure the organization continues to instill trust in consumers.
Ascertain what artificial intelligence (AI) is able to handle and what truly requires the nuance of human thought. Challenge yourself to automate the basic controls in your security environment. Shoot for at least 50 percent.
Finally, advocate for cyber security to be a prominent feature in the organization’s environmental, social and governance (ESG) agenda to demonstrate your comprehensive view of cyber security governance and ability to handle a broad array of incidents.
The excerpt was taken from the KPMG article, “All hands on deck: Key cyber security considerations for 2020”.
© 2020 R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.