+44-7916-314620
According to PwC, cyber-resilience efforts must catch up among global organizations, partly because they fail to involve CISOs in strategic technology investments.
The consulting giant polled over 4000 business and technology executives to compile its annual Global Digital Trust Insights report.
PwC found that just 2% of responding organizations have implemented cyber resilience actions across all areas surveyed. That could be because CISOs are not given enough power and autonomy. Less than 50% are involved to a large extent in strategic planning for cyber investments.
“Give your CISO a seat at the table,” the report urged. “Their insights are vital for proactively navigating cybersecurity as a core business enterprise risk. Involving them at the highest level helps your organisation align its approach to safeguarding critical assets and driving resilience.”
The gap between tech and business executives’ outlook and priorities is also noticeable elsewhere. Two-thirds (66%) of tech executives ranked cyber as the highest risk for mitigation versus half (48%) of business executives. On the other hand, business execs are more concerned about inflation (53%) than their tech peers (44%).
Another symptom of poor alignment between business and cyber goals is that just 15% of respondents are measuring the financial impact of cyber risks to a significant extent. That’s despite the vast majority (89%) agreeing that this is key to prioritising cyber-risk investment.
The report claimed that uncertainty around the scope of risk, data and reliability issues, and compliance concerns are among the main barriers to improvement.
“It’s time to realise the full potential of cyber risk quantification. The gap between recognition and implementation is a missed opportunity that can no longer be ignored,” PwC argued.
“Organizations that don’t measure cyber risk or haven’t fully developed this capability are leaving critical intelligence on the table, particularly when it comes to informing board decisions and capital allocation.”
Compliance Concerns
Compliance is another critical area where business and tech executives must remain aligned. The report highlighted a 13 percentage-point gap in confidence between CISOs and CEOs regarding compliance with AI and resilience regulations.
“Because CISOs are more attuned to the day-to-day operational difficulties, resource constraints and potential vulnerabilities that can hinder cyber compliance, it’s vital that they more effectively communicate these risks to the leadership team,” PwC said. “What’s preventing them? Potential obstacles include barriers to CISO participation in strategic decisions and an inability to justify the amount of cyber risk investment needed.”
Greater CISO-board alignment will require CISOs to make a more forceful business case for more involvement in strategy. It will also demand that the Board take a closer interest in cyber risk program developments and that the CEO/CFO/CIO participate in cyber-resilience exercises and assessments, PwC concluded.
Source: Infnosecurity Magazine
Latest News:
- Cicada3301 Ransomware Targets Critical Sectors in US and UK
A new ransomware group, Cicada3301, has emerged as a significant threat since its discovery in June 2024. It targets businesses in critical sectors across the US and UK. In just three months, the group has reportedly published data from 30 companies on their dedicated leak sites, underscoring the severity of the threat. Multi-Platform Ransomware and… Read more: Cicada3301 Ransomware Targets Critical Sectors in US and UK - #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part… Read more: #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15,… Read more: Universal Music Group Admits Data Breach
