
Why CIOs are Embracing Enterprise Risk Management to Improve Cybersecurity


David Burg, Global & U.S. Advisory Cyber Security Leader, PwC
Businesses across sectors and around the world have reached a tipping point on cybersecurity. As risks continue to escalate, it’s becoming clear that existing approaches simply are not working.
In The Global State of Information Security Survey 2015, PwC found that the number of detected security incidents increased at a compound annual growth rate of 66 percent over the past five years. And it’s not just the frequency of incidents that’s surging: cyberattacks are also becoming increasingly multi-faceted and destructive. Last year’s assault on a U.S. entertainment company, in fact, introduced an entirely new level of malice. The perpetrators not only stole valuable intellectual property, but they also released personal data and corporate documents that included damaging employee communications and payroll information. The attack also disrupted the company’s email and telephone systems and included an unprecedented threat of physical violence to individuals.
It’s no wonder, then, that concern about cybersecurity risks has become top of mind among executive leaders. PwC’s 18th Annual Global CEO Survey 2015 shows that concern about cyberthreats increased more than any other risk factor over the past year. And nowhere is that unease more pronounced than in the U.S., where apprehension about cyberthreats is second only to worries about government regulation. In fact, the percentage of U.S. executives who say that they are “extremely” concerned about cyber threats has doubled in the past year: 45 percent of CEOs reported the highest level of concern, up from 22 percent in 2014.
As more executive leaders and Boards of Directors become concerned about cyber-risks, they’re asking their CIOs about the company’s cyberthreat landscape and response readiness. Forward-thinking CIOs are not only delivering a clear picture of current risks and readiness, they are also emphasizing the importance of understanding cybersecurity as an enterprise-wide business risk issue. They are taking the lead by explaining why cyberthreats are among the most significant business risks facing their organizations, and how cybersecurity incidents can result in potentially crippling financial, legal, and reputational consequences.
Given the complexity of today’s evolving threats and the technologies and processes used to combat them, that’s not an easy message to formulate. In fact, educating corporate leaders about the importance of cybersecurity risk readiness and well-rehearsed response processes is a challenge for many CIOs.
That’s one reason why PwC developed a role-playing simulation called Game of Threats. The game simulates a realistic data breach scenario that allows executives to see how a cyberattack plays out, from the perspective of both the hacker and the company under attack. The role-playing game helps executives understand the consequences and nuances of breach responses, as well as the importance of ensuring that the necessary cybersecurity resources are available and properly used.
Another way that CIOs are advancing their cybersecurity programs is by adopting new technologies and architectures that can deliver powerful security, privacy, and compliance protection. In particular, forward-leaning CIOs are embracing cloud-based cybersecurity services. In The Global State of Information Security Survey 2015, PwC found that 22 percent of respondents who use cloud computing said they leverage the cloud for security services, in addition to traditional deployments like file storage and hosting of data and applications.
These CIOs are in the vanguard of what PwC sees as a powerful new approach to cybersecurity. In recent years, cloud providers have invested in cutting-edge tools for data protection, threat defense, network security, and identity and access management. More importantly, they also have added infrastructure capabilities that enable them to improve intelligence gathering and threat modeling, better block attacks, enhance collaboration and collective learning, accelerate incident responses, and create secure communications channels.
These capabilities can help CIOs address security threats that arise as more businesses share more sensitive data with third-party contractors, suppliers, and partners. To do so, cloud-based cybersecurity services can create an infrastructure that provides third parties with appropriate access to the systems and data they need, without giving them credentials to the corporate network.
Cloud advantages are augmented by the scalability of the underlying architecture, which allows service providers to deliver access to considerably more information security technology than most organizations could afford on their own. Cloud-based security can also significantly reduce the need to purchase, maintain, and enhance technology infrastructure and hire support personnel, enabling companies to address cybersecurity fundamentals at a lower cost.
One thing seems certain: Sophisticated and increasingly damaging cyberattacks are the new normal, and there is no going back. Farsighted CIOs are taking the lead in implementing an adaptive cybersecurity strategy that is based on the fundamentals of enterprise risk management and empowered by technology breakthroughs like cloud-based security. That’s a strategic approach that is likely to define the nature of cyber-risks and responses in the coming decade.
