enterprisesecuritymag

Why CIOs are Embracing Enterprise Risk Management to Improve Cybersecurity

By David Burg, Global & U.S. Advisory Cyber Security Leader, PwC

Businesses across sectors and around the world have reached a tipping point on cybersecurity. As risks continue to escalate, it’s becoming clear that existing approaches simply are not working.

In The Global State of Information Security Survey 2015, PwC found that the number of detected security incidents increased at a compound annual growth rate of 66 percent over the past five years. And it’s not just the frequency of incidents that’s surging; cyberattacks are also becoming increasingly multi-faceted and destructive. Last year’s assault on a U.S. entertainment company, in fact, introduced an entirely new level of malice. The perpetrators not only stole valuable intellectual property, but they also released personal data and corporate documents that included damaging employee communications and payroll information. The attack also disrupted the company’s email and telephone systems and included an unprecedented threat of physical violence to individuals.

It’s no wonder, then, that concern about cybersecurity risks has become top of mind among executive leaders. PwC’s 18th Annual Global CEO Survey 2015 shows that concern about cyberthreats increased more than any other risk factor over the past year. And nowhere is that unease more pronounced than in the U.S., where apprehension about cyberthreats is second only to worries about government regulation. In fact, the percentage of U.S. executives who say that they are “extremely” concerned about cyber threats has doubled in the past year: 45 percent of CEOs reported the highest level of concern, up from 22 percent in 2014.

As more executive leaders and Boards of Directors become concerned about cyber-risks, they’re asking their CIOs about the company’s cyberthreat landscape and response readiness. Forward-thinking CIOs are not only delivering a clear picture of current risks and readiness, they are also emphasizing the importance of understanding cybersecurity as an enterprise-wide business risk issue. They are taking the lead by explaining why cyberthreats are among the most significant business risks facing their organizations, and how cybersecurity incidents can result in potentially crippling financial, legal, and reputational consequences.

Given the complexity of today’s evolving threats and the technologies and processes used to combat them, that’s not an easy message to formulate. In fact, educating corporate leaders about the importance of cybersecurity risk readiness and well-rehearsed response processes is a challenge for many CIOs.

That’s one reason why PwC developed a role-playing simulation called Game of Threats. The game simulates a realistic data breach scenario that allows executives to see how a cyberattack plays out, from the perspective of both the hacker and the company under attack. The role-playing game helps executives understand the consequences and nuances of breach responses, as well as the importance of ensuring that the necessary cybersecurity resources are available and properly used.

Another way that CIOs are advancing their cybersecurity programs is by adopting new technologies and architectures that can deliver powerful security, privacy, and compliance protection. In particular, forward-leaning CIOs are embracing cloud-based cybersecurity services. In The Global State of Information Security Survey 2015, PwC found that 22 percent of respondents who use cloud computing said they leverage the cloud for security services, in addition to traditional deployments like file storage and hosting of data and applications.

These CIOs are in the vanguard of what PwC sees as a powerful new approach to cybersecurity. In recent years, cloud providers have invested in cutting-edge tools for data protection, threat defense, network security, and identity and access management. More importantly, they also have added infrastructure capabilities that enable them to improve intelligence gathering and threat modeling, better block attacks, enhance collaboration and collective learning, accelerate incident responses, and create secure communications channels.

These capabilities can help CIOs address security threats that arise as more businesses share more sensitive data with third-party contractors, suppliers, and partners. To do so, cloud-based cybersecurity services can create an infrastructure that provides third parties with appropriate access to the systems and data they need, without giving them credentials to the corporate network.

Cloud advantages are augmented by the scalability of the underlying architecture, which allows service providers to deliver access to considerably more information security technology than most organizations could afford on their own. Cloud-based security can also significantly reduce the need to purchase, maintain, and enhance technology infrastructure and hire support personnel, enabling companies to address cybersecurity fundamentals at a lower cost.

One thing seems certain: Sophisticated and increasingly damaging cyberattacks are the new normal, and there is no going back. Farsighted CIOs are taking the lead in implementing an adaptive cybersecurity strategy that is based on the fundamentals of enterprise risk management and empowered by technology breakthroughs like cloud-based security. That’s a strategic approach that is likely to define the nature of cyber-risks and responses in the coming decade.
