5 minute read 27 Oct 2022

If protection starts with perception, how do you see cybersecurity?

Authors
Roman Haltinner

Partner, Cybersecurity Competency Leader | EY Switzerland

Focusing on all aspects of information cybersecurity and business resilience. Passionate about experiencing nature with his family. Likes reading new scientific books while having a glass of wine.

Maria Pisà

Partner, Cybersecurity and Digital Compliance | EY Switzerland

I create environments where everyone can bring their best. On a continuous quest to connect people and solutions, increase diversity and collaboration, drive simplification and change.


We believe the board should focus on cybersecurity – to truly understand why security by design is so important.

In brief
  • Cybersecurity is a real business risk – not just an IT topic.
  • A high level of board awareness and commitment to cybersecurity is essential.
  • It’s no longer realistic – or appropriate – to expect 100% protection, but security by design can minimize risk.

The disruption of recent years has affected most companies in one way or another. Digitalization has become an integral part of society, business and industry and is increasingly permeating all aspects of our lives. While many have welcomed the recent boost to digitalization, the speed of change also came at a heavy price for some. Security vulnerabilities increased in volume and complexity during the pandemic – and continue to threaten businesses today. We believe that it’s time for a more tangible take on protection.

Millions of devices can now receive and transmit information in real time from anywhere via the internet. The fusion of traditional IT with operational technology also enables companies to process and analyze critical and relevant data of all business processes in real time to make the right decisions based on facts. The increasing use of information technology provides companies with significant competitive advantages; but business processes, reputations and costs can be negatively impacted by poorly secured IT systems.

Growing threat

77%

Percentage of EY GISS participants reporting an increase in disruptive attacks

According to EY’s 2021 Global Information Security Survey, more than half (55%) of respondents say cybersecurity is coming under more scrutiny today than at any other point in their careers. At the same time, more than three in four (77%) warn that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months.

Cybersecurity in the age of geopolitical crises and global uncertainties

With cybersecurity attacks increasing both in volume and intensity, varied bad actors entering the fray, and board-level engagement increasing, cyber threats have become a main concern for all organizations. Find out more in our latest brochure.


Against this background, it’s no wonder that the C-suite is turning its attention to cybersecurity. Ideally, the board should have a dedicated security leader, but even then it’s vital for all members of the executive team to understand cyber risk in the wider business context. Only then can business leaders make well-informed business decisions, including on investments, that are based on business-relevant priorities. This also relies on a shift in mindset – from compliance to a fully integrated security concept. In other words, the board needs to embrace security by design.

Rather than avoiding risk altogether, security by design is about enabling trust in people, process and technology so that organizations can manage those risks, lead transformational change and innovate with confidence. Done right, security by design infuses cybersecurity and business resilience into every part of every client’s organization and ecosystem. It means organizations achieve maximum benefit from their cybersecurity and resilience investments and infrastructure, while minimizing risk.

  • Hacker for an hour – more perception for better protection

    Everyone knows that cybersecurity is important. And it’s not an IT problem – it’s a real-world business risk. So it’s crucial to create top-level awareness within the company. With this in mind, EY created a cyber escape room challenge to make cyber risk tangible for our clients’ business executives. The gamified approach addresses aspects such as password management, physical and logical security and social engineering. The cyber escape room participants have to “hack” themselves out of the room by solving multiple cybersecurity-related puzzles and challenges. By using gamification, the participants are reminded of the golden cybersecurity rules. The new understanding and awareness gained is enhanced by EY’s up-to-date overview of current cybersecurity risks and corresponding best practices.

Regardless of industry, all companies stand to benefit from security by design. From finance and pharmaceuticals to recruitment to retail, a trusted and demonstrable security posture is a key factor in attracting new customers and improving loyalty. This is even true when things go wrong. It is often assumed that a security breach will result in negative publicity and a loss of customer trust, followed by a soaring churn rate or lack of new customers. We observe that a well-managed security breach can actually increase brand value.

Expectation

100%

Gone are the days when cybersecurity can be – or needs to be – 100% effective.

In today’s environment, security will never be 100% effective, and society is beginning to accept this and respond positively to a security breach if it is handled in the right way. That means taking swift action, committing to full transparency and communicating clearly to customers and the public. Including details of mitigation plans bolsters trust and shows what the organization is doing to prevent and minimize damage. Ultimately, an organization can emerge from a security crisis not with long-term damage but with renewed recognition for values such as transparency, agility and resilience.

Business leaders need to see the importance of cybersecurity for the whole organization. This starts by demystifying the issue at board level. Cybersecurity has never been more relevant – but it needs to be more tangible. When business leaders truly understand risk, the whole organization benefits from an awareness that reduces risk to an acceptable level.

Summary

With the right perspective, cybersecurity makes a decisive contribution to the success of a company and helps protect the business from potentially costly cyber risks.

Acknowledgements: We thank Eliel Mulumba and Semina Hajradinovic for their valuable contribution to this article. 
