Today’s hyper-connected workplace requires CISOs to wear multiple hats – technologist, evangelist, investigator, negotiator. It is now widely understood that cyberattacks can disrupt business operations and impact revenue growth and that managing and mitigating risk is a responsibility shared by everyone within the organization.
By Prasad Jayaraman, Principal, Advisory, KPMG
Securing the organization is more important than ever. Three-quarters of CEOs believe a strong cyber strategy must engender trust with key stakeholders. Thus, the role of cyber professionals is transforming from enforcer to influencer. Their primary function is evolving beyond promoting awareness of potential cyberattacks to include keeping senior leaders from becoming complacent by challenging assumptions that the organization will not be the next ransomware target.
Organizations Will Adopt a Privacy-first Mindset
Historically, cyber security and data privacy were seen as separate disciplines. But several new regulations such as CCPA or GDPR that aim to protect consumer data have renewed focus on data rights, privacy, and security. Effective data privacy practices require a multidisciplinary approach, a cultural shift in which privacy and security are embedded into organizational change, processes, technology, and products.
With so many fast-evolving regulations across the globe, the regulatory landscape is becoming increasingly difficult to navigate. This will lead more organizations to embrace automation to manage privacy risk identification and reporting.
Cyber Professionals Will Focus More on Their Organization’s Full Ecosystems
This pandemic has taught us that collective action is the only way to enact meaningful change. Most organizations are no longer single, monolithic entities; rather, they are deeply operationally dependent on a robust supply chain and on myriad traditional and non-traditional partners that often have direct access to business systems and data.
It is paramount that CISOs enact risk management frameworks that look both inward and outward to more closely monitor and secure any relationships with third parties such as suppliers and vendors. As a result, CISOs will need to move to a more proactive approach that puts continuous monitoring, usage of AI/ML-based solutions, threat intelligence, and zero trust at the heart of their ecosystem security model.