Chapter 1
Engaging the board
With improved engagement, cybersecurity and the board can communicate more effectively about business priorities and the risks facing the organization, and work together more productively to support the future of the business.
Why the disconnect?
Creating synergy between cybersecurity and the board is a legacy issue that stems from the security function’s origins in IT. It was common for security professionals to rely on technology to solve cybersecurity issues, with little or no input from the board.
Going forward, to adopt an effective security by design culture, cybersecurity must be able to account for business considerations that matter to the board.
Here’s how the cybersecurity function can more effectively engage the board:
- Speak the language of the business and help the board understand the severity and business impact of different risks related to security, with a plan of how to deal with them.
- Build proper alliances across the business and educate the board to help foster commitment and promote the engagement needed to respond to cybersecurity measures.
Establishing a strong relationship and speaking the board’s language can help present cybersecurity risks in a way board members can relate to, expediting funding for initiatives and technologies needed to address the risk facing the organization.
What can you do today?
Across any organization, different departments and priorities compete for budgets. CIOs and CISOs must increasingly make their voices heard. While boards recognize the importance of committing to cybersecurity, they aren’t always given the tools and language to communicate the urgency in business terms.
How EY can help
Cybersecurity, strategy, risk, compliance and resilience
EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.
Read more
Chapter 2
Increase cyber budgets to align to future initiatives
Consistent with trends from 2019, Canadian organizations are devoting less revenue to cybersecurity compared to their global peers. However, encouraging evidence shows Canada is ahead of organizations in other countries in terms of budget being spent on securing new technologies and other new initiatives.
Last year’s GISS survey revealed that 86% of Canadian organizations expressed interest in adopting artificial intelligence (AI) in the next 7 years. And this year, there is increased commitment to securing new technologies. Balancing innovation and security is a positive trend for Canada.
What can you do today?
The board needs to understand cybersecurity challenges, and cybersecurity leaders need to better grasp the business agenda. With that shared knowledge, cybersecurity and the board can work collaboratively to identify risks and investment priorities.
Chapter 3
Build productive relationships with every function of the organization
For cybersecurity to play a central role in enabling business transformation, it must formally align with business strategy and integrate with other functions in the organization. This will help to create a mutual understanding of potential threats, the impact to assets and how to best mitigate risk exposure.
What you can do today
- The security function needs to understand the critical assets and operational processes for each line of business.
- Business lines need to understand the impact of critical assets and the possible consequences if they are disrupted.
- These alliances create a better mutual understanding of threats, the impact to assets and how to mitigate risk exposure.
Summary
There is significant opportunity for the CISO, board, C-suite and entire business to collaboratively mature the cybersecurity function in Canada to compete with global peers. By taking action on the recommendations outlined in this report, Canadian organizations can create an environment where the security by design mindset and culture can thrive, empowering cybersecurity as a true driver of business transformation.
Why security by design matters
Our 2020 Global Information Security Survey (GISS) identifies how Canadian businesses can ensure cybersecurity is a critical voice at the business table, built on a foundation of security by design.
Contact us
Like what you’ve seen? Get in touch to learn more.
