PwC Urges Boards to Give CISOs a Seat at the Table

According to PwC, cyber-resilience efforts among global organizations are lagging, partly because those organizations fail to involve CISOs in strategic technology investment decisions.

The consulting giant polled over 4,000 business and technology executives to compile its annual Global Digital Trust Insights report.

PwC found that just 2% of responding organizations have implemented cyber-resilience actions across all of the areas surveyed. One likely reason is that CISOs are not given enough power and autonomy: fewer than 50% are involved to a large extent in strategic planning for cyber investments.

“Give your CISO a seat at the table,” the report urged. “Their insights are vital for proactively navigating cybersecurity as a core business enterprise risk. Involving them at the highest level helps your organisation align its approach to safeguarding critical assets and driving resilience.”

The gap between tech and business executives’ outlook and priorities is also noticeable elsewhere. Two-thirds (66%) of tech executives ranked cyber as the highest risk for mitigation versus half (48%) of business executives. On the other hand, business execs are more concerned about inflation (53%) than their tech peers (44%).

Another symptom of poor alignment between business and cyber goals is that just 15% of respondents are measuring the financial impact of cyber risks to a significant extent. That’s despite the vast majority (89%) agreeing that this is key to prioritising cyber-risk investment.

The report claimed that uncertainty around the scope of risk, data and reliability issues, and compliance concerns are among the main barriers to improvement.

“It’s time to realise the full potential of cyber risk quantification. The gap between recognition and implementation is a missed opportunity that can no longer be ignored,” PwC argued.

“Organizations that don’t measure cyber risk or haven’t fully developed this capability are leaving critical intelligence on the table, particularly when it comes to informing board decisions and capital allocation.”

Compliance Concerns

Compliance is another critical area where business and tech executives must remain aligned. The report highlighted a 13 percentage-point gap in confidence between CISOs and CEOs regarding compliance with AI and resilience regulations.

“Because CISOs are more attuned to the day-to-day operational difficulties, resource constraints and potential vulnerabilities that can hinder cyber compliance, it’s vital that they more effectively communicate these risks to the leadership team,” PwC said. “What’s preventing them? Potential obstacles include barriers to CISO participation in strategic decisions and an inability to justify the amount of cyber risk investment needed.”

Greater CISO-board alignment will require CISOs to make a stronger business case for greater involvement in strategy. It will also demand that the board take a closer interest in cyber-risk program developments and that the CEO, CFO and CIO participate in cyber-resilience exercises and assessments, PwC concluded.

Source: Infosecurity Magazine
