Foreword

 

Our future is dependent on data and digital infrastructure. The COVID-19 pandemic accelerated our shift to digital channels and brought these issues into sharp focus. As global economies and supply chains were disrupted, organizations had to rethink their dependencies on goods, services and the digital infrastructure that underpins them.

Breakthrough technologies are expected to shape that future — artificial intelligence, blockchain, biometrics, hyperconnected systems and virtual reality, to name just a few. And all can pose new security, privacy and ethical challenges and raise fundamental questions about our trust in digital systems. Consensus on tackling those issues can be hard to arrive at with diverse national and cultural views; nonetheless, this is the environment in which global commerce needs to thrive, and we need to address concerns now as we innovate, not retrospectively when it’s too late.

The list of industries we consider systemically important is also changing. In the past, we focused on utilities, telecommunications and financial services. Now we have a complex tapestry of public-private partnerships, connected ecosystems, and information infrastructures. One look at financial markets shows a hyperconnected world of financial institutions, market infrastructure, data and managed service providers — all of whom are now systemically important. As the degree of interconnectedness and dependency increases, so does the interest from those looking to attack and exploit those infrastructures.

With these changes comes a global drive toward greater cybersecurity regulation. This increases concern among organizations over the growing burden of regulation and the diversity of reporting requirements. As a result, businesses are putting more and more emphasis on embedding privacy and security into how they operate, in response both to the changing threats and to the need to comply with trans-border regulatory requirements.

Cybersecurity should be integral to every business line, function, product and service. Organizations must aim to ensure that cybersecurity is ubiquitous across the digital enterprise and woven into strategy, development and operations across the board. As Lisa Heneghan, Chief Global Digital Officer, KPMG International, says:

 

“Organizations need to start thinking about cybersecurity as the golden thread that runs throughout their organization. It should be put at the heart of business and used as a foundation to build digital trust. But the Chief Information Officer (CISO) and their teams cannot do this alone; it should be the responsibility of everyone. This isn’t easy — first, people should understand how it relates to them — and then you must think about how you can integrate security into existing processes. Treating every business function as a customer and designing security controls with experience in mind can encourage responsible and secure behaviors and can benefit the business hugely.”

 

CISOs will likely also play a major role in activating and shaping a broader dialogue around the resilience of business to digital disruption, helping companies better understand the evolving nature of the assets and digital services they need to protect and providing the basis for trust in those systems.

The report explores the actions CISOs, specifically, and the broader business generally, can take in the year ahead to demonstrate to boards and senior management that digital trust can and should be a competitive advantage. See page 22 for specific people, process, data/technology, and regulatory recommendations.

For more information, download the full report below.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.