EB styles XF
Arriving now: The CISO’s 2024 agenda
Four topics shaping the information security agenda
As a chief information security officer (CISO), you face an environment characterized by ongoing disruption and eroding trust. Emerging technologies and significant geopolitical events continue to affect the cybersecurity landscape, giving rise to new threats that can disrupt your business. At the same time, declining confidence in the institutions that underpin society is helping drive organizations to look for new ways to earn and cement trust among customers, employees and stakeholders. All of this may demand agile, digitally enabled cybersecurity capabilities that can address fast-evolving data and information security trends.
Are you prepared to report on cyber breaches within 72 hours? This is just one of many new drivers of transparency stemming from new cyber laws and regulations, such as the new SEC cyber disclosure rule. But the shift from voluntary to mandatory information-sharing can also bring with it opportunity: It helps empower you to build more thorough actions and defenses against one of the many daunting risks that your company might face. And the guardrails that regulators put up can give companies added confidence to explore, experiment, invent and compete. Stay ahead of demanding regulatory requirements by developing a tech-enabled approach that embeds cyber across the enterprise.
To meet new requirements, work with your chief risk officer, your general counsel and the other members of your C-suite. Your goal should be to create a consistent, compelling narrative, set priorities and identify which rules will require concrete changes in your cyber risk management practices. It can be also important to understand what your board expects from you and how to succinctly explain complex cyber regulations. Finally, consider how cybersecurity measures can extend to teams responsible for external reporting, as well as how stakeholders may react to disclosures.
35%
of executives think that mandatory reporting of cyber risk management, strategy and governance is vital to securing their future growth
Many businesses are making bold moves and taking on greater risk exposure despite the ever-present risk of a cyber crisis. Macro, geopolitical and other external events continuously test organizational resilience. Many times risk leaders, including CISOs, say they’re unable to keep up, despite investments in tech and data. Yet, in today’s business climate, we simply can’t talk about digital transformation or reinvention without mentioning cybersecurity in the same breath.
From your board to your organization’s first-line cybersecurity operations, you may field questions about resiliency, including whether you’re doing enough to safeguard your company and your customers in a cyber attack. Are there opportunities to reduce the impact on the business and shareholder value with your threat response? Embrace cyber as a whole-of-business endeavor, putting yourselves in the business owner’s shoes. Adapt to changes in the cyber landscape while taking action to defend against threats by bolstering your resilience to disruption and building confidence in your organization’s cybersecurity program.
Only2%
of companies are optimizing and continuously improving across nine cyber resilience best practices
Is your organization’s cyber risk management keeping up with new technology? Moving to the cloud can change the nature of information security. Threat intelligence and the use of generative AI (GenAI), the metaverse and machine learning, including models that automate data classification, monitor security and analyze vulnerabilities, add more valuable assets for threat actors to target and for you to manage. Make sure your technology leaders understand the security challenges, such as keeping your data and intellectual property safe, that your company can face during and after cloud or technology transformation.
While emerging technologies can sharpen your cyber risk management, don’t overlook the cost savings and efficiencies they can also provide in automating routine tasks. Demonstrating that you’re balancing the risks with the rewards of innovation will go a long way toward gaining trust in your company — and in getting a leg up on the competition.
Try bold, new ways of managing cyber risk. It’s imperative to build technological and operational resilience that addresses possible third-party risks. Connect with your senior leadership team to take an enterprise-wide view of the threats your company may face now and down the road, with an eye toward building action plans. You should be ready to safeguard critical assets, decrease downtime for core business processes, address regulatory implications and support a quick recovery. And, to get the most benefit from emerging technologies, collaborate early with your executive team to incorporate risk management and controls into your transformation strategies.
Only3%
of companies continually update their risk management plans to mitigate nine cloud-related risks, including concentration and third-party risks
Your company’s growth and capabilities for innovation may be predicated on how effectively you’re using your data. A thoughtful approach to managing your company’s data life cycle can promote secure data management while still enabling the insights you need to tailor products and services for your customers. In addition, a formal data governance program can improve utilization of the digital platforms and analytics that uncover the most valuable data, safeguard it from cyber threats and minimize unsecured or unreliable data.
As most businesses become ever-more digitized, data needs new guardrails — and regulators are keen to create them. Areas such as decentralized finance, cryptocurrency, GenAI, modern antitrust, novel surveillance and a host of others are inspiring a steady stream of new laws, regulations and proposals. To stay a step ahead, start with a tech-enabled understanding of where your cloud-based data is, how it’s being used and how it’s secured and managed.
25%
of executives incorporate data security and privacy features into products, services and third-party relationships