
New Cyber Threats Need Radical Culture Change at Boardroom Level


The proliferation of digitization is creating significant new cyber threats that require radical cultural change at boardroom level. A new report from KPMG calls on business leaders to ensure cyber security specialists are part of the C-suite decision making process, with digitization at the heart of their future growth strategies.

As the number of cyber incidents increases at a rapid pace, with far-reaching consequences for the organization, the report states, cyber security teams are now responsible for building trust and resilience by forging a pragmatic security culture and helping embed secure-by-design thinking into every aspect of digital infrastructure and data. To do this, they must see themselves as enablers and facilitators, helping others deliver services and brands that deserve cyber trust among customers, employees and society at large.

“Cyber has been a board agenda and in current times when digital technologies are being adopted at an accelerated pace with data proliferation, the need is to establish ‘Digital Trust’ by bringing in radical shifts,” says Atul Gupta, Leader – Cyber security, KPMG in India.

After speaking to security leaders from across the globe, the report offers seven key recommendations to IT leaders and Chief Information Security Officers (CISOs):

  1. Act like you belong in the C-suite

CISOs must speak the language of the C-suite, building consensus, demonstrating pragmatism and navigating politics, to help leaders understand the cyber implications of their strategic choices, the report says. CISOs are also becoming public figures, serving as the face of the firm to help build trust and confidence.

  2. Broaden horizons

CISOs’ responsibilities are broadening to include safeguarding data, dealing with disruptive events to maintain operational resilience, managing third parties, handling regulatory compliance, and helping to counter cyber-enabled financial crime. Researchers believe this demands they forge strong working relationships with other business leaders including the Chief Risk Officer (CRO), the Chief Data Officer (CDO) and, of course, the Chief Information Officer (CIO).

  3. Weave cyber security into the organizational DNA

Today’s CISOs should be sophisticated communicators, working with other business leaders to embed cyber security into the DNA of the organization, says KPMG. This involves integrating security into governance and management processes, education and awareness, plus establishing the right mix of corporate and personal incentives to do the right thing.

  4. Shape the future cyber security workforce

CISOs will have to acquire capabilities from outside the organization, build new partnerships and look for unconventional and diverse talent. In future, we may even see the cyber function becoming far smaller, taking on a strategic and governance role, with cyber security being truly embedded into the business.

  5. Embrace automation as the rising star

Automation can reduce the manual workload and ease skills shortages, bringing in greater efficiency and helping meet growing compliance requirements in a consistent and repeatable way. According to KPMG, it can also help embed security and improve the user experience, as well as reduce the time to respond to a major cyber incident.

  6. Brace for further disruption

We are heading towards a hyper-connected world in which the IoT and 5G networking will massively increase efficiency and enable radically different business models. But this also opens up organizations to new attack surfaces and raises privacy concerns — demanding a shift to new, data-centric security models such as zero trust.

  7. Strengthen the cyber security ecosystem

Organizations are now part of a complex ecosystem of suppliers and partners, tied together through shared data and shared services, says the KPMG report. Conventional contracts and liability models seem ill-suited to the rapidly evolving supply chain threat, calling for a new partnership approach that brings security to all parties and individuals.

Companies with the right culture have seen digital security experts playing a key role in the overall decision-making processes, guiding the future direction of the business, developing robust digital infrastructure, embracing innovation and helping to identify potentially critical threats ahead, according to the KPMG report.
