Man flashing light towards the sky full of stars

Adapting to our new cyber reality

  • Akhilesh Tuteja, Leadership |

If cyber security was earning heightened interest at the board and c-suite levels prior to the pandemic, its urgency only increased when the global pandemic was declared. Organizations quickly realized the immediate need to digitally transform every part of their business, whether to serve customers, preserve supply chains or enable newly remote workforces.

In this high-pressure environment, many organizations responded with impressive agility rethinking their operating and delivery models, embracing digital transformation that might otherwise have taken years to implement. Of course, organized crime responded by refocusing their attacks, often taking advantage of new gaps in an organization’s security measures and playing on the fears of citizens over COVID-19.

Unfortunately, just as these cyber risks are rising, companies may face economic hardships which drives them to contemplate cutbacks to their security budgets. They make these decisions at a time when building digital trust, with customers, partners and government, is critical to their survival and success.

But let’s remember people

In addition to the way organizations have changed course in response to shifting winds, I think of the way communities have responded to today’s new cyber realities. Suddenly, the lines between work and home have blurred, with many parents working from home and sharing screen time with family, juggling school, social and commerce activities online. Although most organizations have no doubt experienced ‘bumps’ during this transition, it’s impressive how they can embrace technology-enabled alternatives. And, learn to do so safely.

October was International Cyber Security Awareness Month, it reminded me of the importance of helping diverse spheres of our society — from children, to parents/guardians, to consumers to office workers — learn to manage new cyber security and online risks. For several years, KPMG has hosted KPMG Global Cyber Day, including classroom outreach by our cyber security professionals with students, teachers and parents, and actionable lessons to help community members safely manage personal data, social media, cyber bullying and other timely issues.

Naturally, this year we have had to move our efforts online, primarily through social media and our cyber awareness websites. However, it’s terrific to see how the public has responded to these initiatives and taken steps to protect themselves, their homes and loved ones, as they expand their use of digital technologies. Our Be cyber smart page, shares advice on starting good conversations, evaluating risks, setting rules and adopting best practices. These principles have proven effective in driving cyber smart behaviors in the community, and of course they are equally valid for organizations helping their employees stay safe.

COVID-19 brought many changes:

Now more than ever, retaining our focus on the cyber security of our increasingly interconnected world is critical. And, I’m confident we can do it! But it does require organizations to change the way they approach cyber security.

In recognition of the difficult challenges organizations have been faced with, we recently published a new report, All hands on deck: key cyber considerations for a new reality. We identified eight core themes, to help organizations focus on the most urgent issues:

  1. Addressing the security deficit: Since many security and privacy considerations necessarily took a back seat during the recent rush to digitize, now is the time to re-establish cyber security confidence in your new suite of technologies.

  2. Aligning business goals with security needs: Business and risk needs have changed, now is the time to better coordinate the two by integrating security into end-to-end business processes.

  3. Digital trust and consumer authentication: Since digital customers favor organizations they can trust; companies must find ways to make authentication and security processes straightforward and transparent to build that trust.

  4. The evolving security team: Cyber security teams need to evolve to better understand and articulate security issues from a business perspective to gain inclusion in strategic decision-making.

  5. The next wave of regulation: With regulation growing in scale and complexity, cyber security and risk governance models need to be embedded properly and linked to broader concepts such as resilience.

  6. Cloud transformation: As organizations ramp up their cloud adoption, security teams must adapt to support this process and find ways to balance business enablement, agility and risk.

  7. Automating the security function: Organizations have just begun the journey to automate security functions, and there are challenges ahead to get the most from technology and the potential of big data while respecting privacy concerns.

  8. Challenging assumptions around resilience: Since the pandemic has shone a light on the critical part technology plays in resiliency, now is the time to work across the organization to assess the resilience of our changing supplier ecosystems and our ability to deal with shocks.

Although the above ‘to do list’ for organizations might seem intimidating, it’s reassuring to think in terms of how much change we have all absorbed to date, in such a short time.

We have the power in our own hands to adapt to these new realities — whether we’re a parent or guardian trying to understand the scope of our child’s online life, or a CISO trying to steer their organization towards a more secure, resilient and flexible state during digital transformation. By breaking it down, setting priorities and drawing upon trusted resources, we can each rise to the challenge, and protect and enable what is most important to us and the community in this new reality.

Throughout this blog, “we”, “KPMG”, “us” and “our” refers to the global organization or to one or more of the member firms of KPMG International Limited (“KPMG International”), each of which is a separate legal entity.