Data and digital infrastructure lie at the heart of today's virtual economy. They are paving the way for smarter, borderless collaborations across countries and industries, weaving together a dynamic tapestry of public-private partnerships, interconnected ecosystems, and information infrastructures.
As new opportunities in data unravel, so will the threats that look to undermine them. In an ever-evolving cyber threat landscape, the adverse consequences to assets, integrity and finances can be potentially devastating. While transformative, the introduction of breakthrough technologies also poses new challenges to security, privacy and ethical legislation — raising fresh questions about the role of trust in digitally connected systems. The diverse nature of national and cultural perspectives is further complicating the issue, as consensus on tackling the challenges at hand remains inherently divided.
Ensuring a robust, resilient cyber posture will remain a top-line agenda for countries and industries as they innovate decision-making, ensure compliance and drive growth in a new digital era.
In our Cybersecurity considerations 2023 report we identify eight key considerations that CISOs should prioritise in the coming year as they seek to bolster their cybersecurity frameworks. This includes key strategies they can adopt to navigate the complex digital landscape.
Securing the digital world: Eight key cybersecurity considerations for CISOs
The topic of digital trust is finding its way into board agendas as issues concerning privacy, security and ethics gain momentum due to increased regulation and growing public opinion. The future success of any digitally enabled business is built on digital trust, making cybersecurity and privacy key nodes of growth. CISOs must be prepared to help the board and C-suite create and maintain the trust of their stakeholders if they are to maintain a competitive advantage. Achieving this potential requires a collective commitment from all stakeholders.
Embedding security within the business in a way that helps people work confidently, make productive choices, and play their part in protecting the organisation remains a key yet often challenging objective for CISOs. The solution here lies in viewing cybersecurity from both a user and business perspective.
It’s no surprise that business operating models have fundamentally changed over the last decade, becoming platforms for more fluid, data-centric, connected ecosystems comprising internal and external partners and service providers. To limit potential damage in such a connected computing world, CISOs can incorporate elements like zero trust, Secure Access Service Edge (SASE) and cybersecurity mesh models to mitigate and manage threats.
CISOs need to adopt a holistic view of their organisation's cybersecurity capabilities and gaps. This means knowing which services to keep in-house and which to outsource, ensuring a shared responsibility cybersecurity model between the organisation and trusted service providers.
In the race to innovate and harness emerging technologies, concerns over security, privacy, data protection and ethics — while increasingly being put under the spotlight — are also often ignored or overlooked. Left unchecked, this negligence could lead businesses to sabotage their potential, especially with new AI privacy regulations on the horizon.
Following the G20 adoption of principles for trustworthy AI, there have been major developments in AI risk management and regulation. Singapore, for one, has launched its own AI security standard, while the National Institute of Standards and Technology (NIST) in the United States has published its AI risk management framework. Adding to this list is the EU AI Act, which will go live later this year.
Businesses across almost every industry are shifting towards a product mindset by focusing on developing network-enabled services and managing their supporting devices. CISOs and their teams are getting increasingly involved in the engineering, development and product support functions as organisations come to terms with the importance of cybersecurity.
The interval between initial compromise and enterprise-wide ransomware activation is decreasing. Rogue and state-sponsored attackers can now penetrate systems with automated tooling and accelerate the exploitation of systems. Security operations should be optimised and structured to fast-track the recovery of priority services when an incident occurs. This can help reduce the adverse impact on clients, customers and partners.
No security system is infallible. There is an air of inevitability that, at some point, most organisations will suffer a breach — either large or small, and likely more than once. Regulators are increasingly focusing on plausible scenarios and pushing companies, particularly those in strategically important industries like energy, finance, and health care, to maintain resilience.