
PwC Urges Boards to Give CISOs a Seat at the Table


According to PwC, cyber-resilience efforts at global organizations are lagging, partly because those organizations fail to involve CISOs in strategic technology investments.

The consulting giant polled over 4000 business and technology executives to compile its annual Global Digital Trust Insights report.

PwC found that just 2% of responding organizations have implemented cyber-resilience actions across all areas surveyed. That could be because CISOs are not given enough power and autonomy: fewer than 50% of CISOs are involved to a large extent in strategic planning for cyber investments.

“Give your CISO a seat at the table,” the report urged. “Their insights are vital for proactively navigating cybersecurity as a core business enterprise risk. Involving them at the highest level helps your organisation align its approach to safeguarding critical assets and driving resilience.”

The gap between tech and business executives’ outlook and priorities is also noticeable elsewhere. Two-thirds (66%) of tech executives ranked cyber as the highest risk for mitigation versus half (48%) of business executives. On the other hand, business execs are more concerned about inflation (53%) than their tech peers (44%).

Another symptom of poor alignment between business and cyber goals is that just 15% of respondents are measuring the financial impact of cyber risks to a significant extent. That’s despite the vast majority (89%) agreeing that this is key to prioritising cyber-risk investment.

The report claimed that uncertainty around the scope of risk, data and reliability issues, and compliance concerns are among the main barriers to improvement.

“It’s time to realise the full potential of cyber risk quantification. The gap between recognition and implementation is a missed opportunity that can no longer be ignored,” PwC argued.

“Organizations that don’t measure cyber risk or haven’t fully developed this capability are leaving critical intelligence on the table, particularly when it comes to informing board decisions and capital allocation.”

Compliance Concerns

Compliance is another critical area where business and tech executives must remain aligned. The report highlighted a 13 percentage-point gap in confidence between CISOs and CEOs regarding compliance with AI and resilience regulations.

“Because CISOs are more attuned to the day-to-day operational difficulties, resource constraints and potential vulnerabilities that can hinder cyber compliance, it’s vital that they more effectively communicate these risks to the leadership team,” PwC said. “What’s preventing them? Potential obstacles include barriers to CISO participation in strategic decisions and an inability to justify the amount of cyber risk investment needed.”

Greater CISO-board alignment will require CISOs to make a more forceful business case for more involvement in strategy. It will also demand that the Board take a closer interest in cyber risk program developments and that the CEO/CFO/CIO participate in cyber-resilience exercises and assessments, PwC concluded.

Source: Infosecurity Magazine
