• Atul Gupta, Partner |
  • Naveen Aggarwal, Partner |
4 min read

Security is everyone’s responsibility

When it comes to cybersecurity, the need for skill at scale along with mature technology is a given, and this is driven due to an unprecedented, uncertain environment and the resultant exposure to data-related vulnerabilities. Today, cyber leaders have transformed from organisational enforcers to influencers.

The C-suite is taking note of this unprecedented transformation. According to KPMG’s 2021 CEO Outlook, a sizeable majority of CEOs (75 percent) believe that a strong cyber strategy is critical to engender trust with key stakeholders. From the board to the C-suite and from the front office to back, controls need to be in place to protect the organisation’s high-value assets, the proverbial ‘crown jewels’.

This trend is not new, and we have seen an upsurge in recent times, which was accelerated by the pandemic. Remote workforce and wide-scale adoption of cloud-based platforms have created an unprecedented dependency on technology. The pace of change has also created less controlled work environments. This coupled with increased adoption of 5G, connected devices and new processes/procedures have all led to an increase in cyber risks.

Matching skills with scale – The million-dollar question!

The demand for cyber skills including cloud security and Governance, Risk and Compliance (GRC) is at an all-time high. Organisations are looking for partners to develop priority solutions around cyber artificial intelligence (AI), vulnerability management, data lifecycle management and secure DevOps, amongst others. The growing need for meeting compliance and data protection laws across jurisdictions, as well as the adoption of cloud services are expected to drive the demand for managed security services. In short, organisations are reiterating the ‘privacy focused’ narrative to external stakeholders through an enhanced focus on security.

The unparalleled pace of technology-led changes is not just forcing CXOs to rethink their organisation’s skills strategy but also look at ways to address the bulging global cyber talent gap. While technology related automation is expected to take the bulk of routine tasks, in the medium to long term, the workforce is expected to transition from a ‘doing’ to an ‘enabling’ role. Their focus will be on new product development, productivity, building resilience and taking on larger, bolder, and more strategic cyber initiatives. For that to happen in an effective manner, getting the right partnership between humans and machines is pivotal.

To add to this, with increased remote working, the trend towards remote skills is being considered by CISOs in jurisdictions that offer skills with scale. Organisations are decoupling what’s core for them to govern their security, risk and incident management versus what can be outsourced. The intricate tapestry of sourcing models and relationships with outsourced and co-sourced suppliers will depend on who provides scale with the right skill for security operations through a shared model.  

Leveraging the India opportunity

India, in the recent past, has emerged as a feasible option for global companies to address the above challenges. Several large MNCs have their global centres in India, displaying not just a high degree of global cost competitiveness, but also drive the cyber agenda by becoming strategic partners to the parent organisation. The large tech/engineering talent base and constant innovation are acting as critical enablers to help the country become a global powerhouse in this domain. Continued investment in building a robust ecosystem for creation of the platform and intellectual property (IP) is furthering the innovation agenda and increasing opportunities to co-create sustainable cyber products and solutions.

There is perhaps no better time for both countries to collaborate. US MNCs have been challenged in finding the right talent and tools to effectively address cyber related risks. The shortage in the cyber talent gap is by far the most glaring amongst the developed economies. To mitigate this gap, several companies in the product and services space are establishing cyber centres of excellence (CoEs) in India. These CoEs are working closely with the HQ to develop customised products and solutions to meet their own and clients’ security requirements and goals. US companies believe that India’s demonstrable skill set and expertise hold the potential to address the immediate term talent-related challenges and further the organisation’s global cyber agenda in the medium to long term.

All this is driving tremendous collaboration for our clients between their India and the US teams to empower a unified approach across multiple geographies to formulate strategies and de-risk ecosystems. As a result, this has further brought to the fore, KPMG’s ‘One firm” approach, wherein cyber teams from both the US and India firms are partnering to facilitate the transformation journey of our clients and achieve their goals.