Technology companies continue to provide the products and services that have powered digital transformation throughout the COVID-19 pandemic and allowed the wheels of global industry to keep turning. Yet this digital acceleration has also caused an explosion in the number of potential cyber vulnerability points due to an immediately virtual workforce, increased cloud adoption, hastily reworked supply chains, and new business partnerships. The rapid integration of new technologies also created an avalanche of new data to be stored and protected.
While some of these trends were already underway, the pandemic dramatically accelerated them. Like all others, technology companies were forced to react quickly. In this new reality, technology company CEOs rank cyber risk as the greatest threat to their organization’s growth over the next three years, higher than even supply chain disruption, climate change, or talent risk.1
Investing in skills and technology
Building a human firewall. Technology CEOs recognize the threat environment changes constantly, and sophisticated solutions can be the foundation of a cyber security program. However, technology cannot protect everything. It needs to be reinforced by human behavior. Many studies show that a large percentage of reported breaches include some element of human error. That makes it critical for businesses to develop and maintain a comprehensive cyber security strategy that incorporates skilling the workforce.
Cyber security requires a technological village. Enterprises have long recognized that one technology or process is unable to mitigate cyber risk by itself. They need to invest continually and broadly to identify emerging threats, improve the organization’s response capabilities, and increase efficiency within their security function and business units. Tech leaders also feel that while cyber tools are necessary to enable enterprise success, they cannot be so intrusive that they hinder operational efficiency or growth.
Cyber investment yields optimism
Technology company leaders are optimistic overall about the state of their information security function, as well as the degree to which it is integrated with their broader risk management efforts, third-party partnerships, and business unit leadership. Nearly three-quarters (74 percent) of tech CEOs say they are prepared for a future cyber-attack, compared to 58 percent across all industries.
The redefined CISO
As threats and regulatory expectations evolve, Chief Information Security Officers (CISOs) are taking on increased responsibilities and building relationships with a wide range of functions and business unit leaders. The CISO’s role is moving beyond “protect and detect” to enabling the business to get up and running quickly after an incident, as well as helping the CEO preserve trust with customers, suppliers, regulators, and other stakeholders.
CISOs are also leveraging this opportunity to enhance organizational resilience by working to embed security- and privacy-focused design principles throughout their companies’ digital infrastructures. This expanded scope allows organizations to enhance their ability to mitigate cyber, regulatory, and business risks more effectively.
The excerpt was taken from the KPMG Thought Leadership publication “Tech companies lean on cyber to go faster and gain trust” (kpmg.us).