The rapid adoption of eCommerce applications, videoconferencing and remote working, coupled with a reconfiguring of supply chains, has radically increased online threats. Cybersecurity has become more important than ever, but it is not managed as it should be.
Cybersecurity is just another business risk
On the ground, cybersecurity is often treated as a technology issue that is separate from the larger enterprise risk management framework. In reality, it is just another business risk.
‘The World Economic Forum included cyberattacks, data theft and data fraud within its top five threats to organisations.’
‘A cyber breach triggers the realisation of numerous other risks, including reputational damage, loss of investor confidence with financial and market cap impacts and regulatory sanctions and fines.’
… but there is a disconnect between business and cybersecurity
In most organisations, security operates in isolation from the business and is a roadblock rather than an enabler. A recent survey found that security professionals are unlikely to recognise how much at risk their organisations are. Therefore, they are unable to identify and prioritise investments in the most business-critical risks.
‘Business leaders mention that security teams blow things out of proportion, present an unreasonable budget, and say no to every request by the business for relaxation on any security policy.’
Cybersecurity should be a business goal
Business-aligned cybersecurity fully enables the goals of the business while also addressing security fundamentals and issues arising from legacy infrastructure. It involves goals, metrics and risk reduction targets agreed with the business counterparts.
‘A business-aligned cybersecurity strategy truly enables the customer, the employee, the regulatory trust and the digital platforms and processes. It is not just a check-the-box compliance activity.’
‘Cybersecurity is a shared responsibility – it’s a team sport, and the whole firm, not just the security team, needs to manage it proactively.’
An awareness campaign, a platform for regular interaction between the business and security teams, and the readiness to respond to breaches are some of the enablers of a security-aware and security-ready organisation.