Cyber and privacy leaders' agenda
Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.
The COVID-19 crisis has been a wake-up call for CISOs. The business has looked to the cybersecurity team to protect it from an evolving cyber threat, while enabling urgent technology transformation and new growth.
Now more than ever, you need to get your strategies and priorities right. Here's how in four steps:
-
Reassess your alignment with the business
Cybersecurity teams have traditionally been strongest when it comes to assessing their capabilities, identifying risk, and building roadmaps for the future. CISOs should focus attention on the elements of cybersecurity where many have been weaker in the past. Specifically, they should look to strengthen their engagement with stakeholders, ensure their alignment to core business goals and objectives, and assess their business partners’ satisfaction with the performance and delivery of security services.
As their relationships with business partners have deteriorated in recent years, CISOs may now lack the visibility they need to operate in sync with other functions and pursue a strategy that aligns with the business. Explore next steps for CISOs in the articles below.
Cybersecurity: Como você se eleva acima das ondas de uma tempestade perfeita?
O EY Global Information Security Survey 2021 mostra CISOs e líderes de segurança lutando contra uma nova onda de ameaças desencadeada pela COVID-19.
22 jul 2021
Como os CISOs da próxima geração podem se tornar agentes de mudança
CISOs com visão para o futuro estão buscando um novo papel, construindo relações interfuncionais mais fortes para apoiar a inovação e a transformação.
22 jan 2020
-
Review your talent profile
To respond to the organizational challenges highlighted by EY research, as well as the sophisticated nature of recent high-profile attacks, CISOs need the support of versatile, multi-skilled professionals.
However, the breadth of skills needed in today’s function is expanding in several directions at once. There is no such thing as a “standard” cybersecurity profile. CISOs need individuals with advanced technical skills, as well as the ability to build interdepartmental relationships.
We outline in this article some of the many cybersecurity executive profiles that have emerged in recent years, despite the profession’s relative newness. Each profile has its own area of focus, relies on its own range of soft skills and professional qualifications, and plays an important role in meeting the changing needs of the business.
Cybersecurity: Como você se eleva acima das ondas de uma tempestade perfeita?
O EY Global Information Security Survey 2021 mostra CISOs e líderes de segurança lutando contra uma nova onda de ameaças desencadeada pela COVID-19.
22 jul 2021
-
Focus on four key stakeholder groups
CISOs are familiar with the principle of “shifting left,” striving to involve cybersecurity earlier on in the transformation and product development lifecycle. The challenges of COVID-19 indicate, however, that shifting left is no longer all that is required. Our suggestion to CISOs is that they shift north, east, south, and west. In practice, this means navigating four key stakeholder groups.
Addressing the concerns of management, at “north,” means focusing on reporting and accountability, as well as budgeting and resource allocation. Shifting the focus “east,” to regulators, is a case of prioritizing certifications and attestations, along with regulatory mapping. Shifting south is about enhancing standards and testing. And shifting west involves focusing on security and privacy by design, along with certifications and continuous testing.
If CISOs can position themselves in the center of these four vital stakeholders, they will be in the right place to take their function to the next level of strategic influence.
Cybersecurity: Como você se eleva acima das ondas de uma tempestade perfeita?
O EY Global Information Security Survey 2021 mostra CISOs e líderes de segurança lutando contra uma nova onda de ameaças desencadeada pela COVID-19.
22 jul 2021
Despite ongoing uncertainty over budgets, EY research reveals that leaders expect to invest in the following areas:
-
Identity and access management
The shift to remote working during the COVID-19 pandemic brought the importance of robust identity and access management (IAM) practices firmly into the spotlight. It has become an integral pillar of an organization’s security infrastructure as the business demands better access controls in a less controlled network environment with shared platforms.
The increased use of personal devices and remote access to core business systems increases the threat landscape of businesses. However, adoption of new IAM controls and processes will mitigate the cyber risks and threats for organizations.
What can security leaders do now, next and beyond?
- Now – solve the current crisis
Perform an impact assessment of remote working, IAM processes, and secure access to critical and non-critical applications. Support contingency programs including IAM process simplification and work-arounds, and re-organize IAM operations to accelerate execution and monitoring of remote and privileged access. - Next – steps for year-round
Assess the appropriateness of remote access by critical/non-critical application, and review the revised access controls with your compliance teams. Also gain buy-in from your compliance team for simplified procedures, including access to business applications. - Beyond – resiliency and risk management
Enhance your IAM capability through improved contingency processes, awareness, reporting, technology and collaboration.
COVID-19: Como os CIOs podem manter as luzes acessas durante a pandemia e além dela
A infraestrutura tecnológica é agora mais importante do que nunca para permitir a continuidade dos negócios e criar uma base sólida para a futura resiliência.
18 jun 2020
- Now – solve the current crisis
-
Co-sourcing and outsourcing
Cybersecurity is increasingly diverse and complex and is now a critical function to enterprise risk management, requiring constant proper due care. The COVID-19 pandemic has demonstrated the negative impact of rapid operational disruption. The need to temporarily redirect internal resources, to meet a surge in certain areas or obtain specialized resources, can make adding an outsourcing partner to your strategy a sound component to your business risk management efforts.
At minimum, seeking help with critical cybersecurity operational functions, such as cyberthreat detection and response or identity and access management, might be the right decision.
Como os serviços gerenciados podem acelerar a transformação dos negócios
À medida que as empresas se reconstroem em 2021, a transformação e a capacidade de pensar de forma diferente são essenciais — os serviços gerenciados podem ser a solução.
9 dez 2020
Pandemia da COVID-19: Como os bancos podem aumentar a resiliência contra o crime financeiro
Uma abordagem mais ágil, eficiente e resiliente ao cumprimento dos crimes financeiros pode dar aos bancos a confiança necessária para se recuperarem mais rapidamente e com mais força.
16 jul 2020
Case study: creating a smarter, safer grid for new meters
EY teams are helping a national electricity company reinforce its legacy power infrastructure for a trusted, cyber-safe future.
How technology fights FinCrime while enhancing regulatory compliance
EY enabled a large global bank to lead the fight against FinCrime in a way that also helped it improve efficiency and increase compliance.
Industry insights
Consumer, retail, telco and media
Energy & Resources
Health and life sciences
Private business
Analyst recognition
Webcasts on-demand
Transformation Realized™
Consulting at EY is building a better working world by realizing business transformation through the power of people, technology and innovation.
Our latest thinking
The team
Contact us
Like what you’ve seen? Get in touch to learn more.
