It is time cybersecurity stopped being seen as a tech issue
The cyber threat landscape is evolving rapidly as institutions become more dependant on digital technology. It has never been more important for companies to pre-emptively defend themselves by updating their capabilities.
This world is not only one filled with more digital adversaries and threats, but with an abundance of opportunity for organisations that get it right. As the thread of technology weaves deeper into every aspect of our lives, the topic of cybersecurity is increasingly important for executives and business leaders alike. Many organisations have countered such threats by dramatically increasing cybersecurity budgets - and yet cyber breaches are pervasive.
These conditions may only worsen as digital connectivity, data privacy legislation and geopolitical instability continue to expand. Companies that have already increased their cybersecurity budgets reported that incidents, their impact and the costs associated with them continue to rapidly rise. In 2021, research found companies faced an average of 270 cyber-attacks, showing a 31 per cent increase from 2020.
Throwing more billions into cyber defense This shows costs are rising at an alarming rate, with industries expected to pay as much as $10.5 trillion annually responding to cyber incidents. It demonstrates that greater steps than inflating budgets need to be taken to protect a company from cyber-attacks. Rather than delegating information security strategy to technology teams, senior management must lead the charge by championing cybersecurity policies internally and with their customers, employees and vendors.
To succeed in this, CEOs should align their operational and security teams under one united strategy to create a safe and trusted environment for their clients and peers. The latest ‘State of Cybersecurity Resilience’ research from Accenture shows only 5 per cent of companies are getting this alignment right, which presents an incredible competitive advantage for those companies that take their information security more seriously.
Not just an IT problem
In terms of leadership, cybersecurity has traditionally fallen under the remit of the CIO, but over the last 10 years many have recognised the need for dedicated CISOs to lead corporations through this digital minefield. While accountability remains fragmented, the growing census emerging is that ‘security is everybody’s responsibility’.
In 2021, all of Fortune 500 companies had a CISO, up from only 70 per cent in 2018. One of the primary drivers for this change is that CIO leaders typically place more value on the availability of systems, instead of their security, with their supporting IT teams often lacking the specialised skills and experience to function as cyber defenders.
Yet gaps may remain between the alignment of CISOs and other senior leaders. A key misunderstanding is the continued and outdated belief that cybersecurity is an IT responsibility, rather than a unique business challenge that requires a different set of skills and a whole new way of thinking.
Traditional IT teams are often under-equipped to deal with the barrage of attacks that companies face on a daily basis. It is essential that with this new information, we reform the outdated belief that cyber teams can operate in silos.
To function effectively, cybersecurity must be seen as a strategic enabler for the entire organisation. The adoption of cloud computing, IoT and 5G connectivity - and often the purchasing decisions - are being driven by the C-suite.
Not the time for retrofit
Instead of being retrofitted, security needs to be at the forefront of these initiatives with all risk properly assessed and managed upfront. This approach will not only save time and money in the long-term, but should fortify trust and cyber resilience in this new digital age.
This will require CEOs to ask tough questions, challenge their organisations to identify and assess cyber risk effectively and be more in touch with how security initiatives are progressing.
Cybersecurity is a business challenge the world is still grasping, but a broader collaborative approach with strategy shaped by the CEO, CISO and other key business leaders will lead to a cultural change and the embracement of information security throughout the business.
The Equiti Group have adopted a holistic approach to cyber defence. This strategy embeds information security best practices and principles throughout all levels of the business – from the board through to the operational teams and beyond.