Even in times of a global crisis, cybersecurity and privacy threats don’t abate. If anything, the threat level increases as cyber attackers are even more determined and resourceful.
Now more than ever, you need to get strategies and priorities right. Here's how in three steps:
- Carry out a budget-defensible strategy and project road map
Creating a business-oriented, financially defensible program will make it difficult for business leaders to question the CISO’s approach or redirect resources. Forward-looking CISOs need to reassess their risks – identifying threats, vulnerabilities and potential impacts in financial terms. They should quantify and prioritize implementation and/or operation of controls based on the value they deliver in managing that risk, and orient the project road map to addressing the worst first.
COVID-19: How future investment in cybersecurity will be impacted
The COVID-19 crisis is elevating the importance and value of security leaders and teams.
23 Jul 2020 Kris Lovejoy
How does security evolve from bolted on to built-in?
Cybersecurity has traditionally been a compliance activity, bolted-on by checklist instead of built into every new business initiative.
18 Feb 2020 Kris Lovejoy
Ransomware: to pay or not to pay?
Organizations across the globe need to develop a ransomware payment policy, anticipating a potential future attack.
10 Jun 2020 Kris Lovejoy
- Consider a program of radical control simplification and integration
We all recognize that the sheer number of tools and data sources we rely on makes them difficult to manage. This may compromise the CISO’s ability to understand and respond to an ever-increasing volume of security alerts. But it is hard to let go – particularly with heightened C-level concern about cyber risk. A recessionary environment is the perfect opportunity to take a step back and simplify the portfolio.
What your post-COVID-19 crisis security clean-up checklist should include
Post-pandemic recovery begins with cleaning up risks.
16 Jun 2020 Kris Lovejoy
How the NIST Privacy Framework can help you better manage risk
This important guidance helps enterprises embed privacy management in every aspect of their operations, including cybersecurity.
1 Jun 2020 Tony DeBos
How to take the sting out of third-party risk management
The development of a data-driven, proactive and action-oriented third-party risk management (TPRM) system could help to provide the solution.
24 Feb 2020 Kanika Seth
- Build a strong culture of Security by Design
In the best of times, security is introduced into a digital transformation program late in the process – generally as a compliance item. With inevitable changes associated with greater use of cloud services, third-party outsourcing of core business functions, and/or reduction of internal staff, it is critical that the security team is introduced into the discussion as a business risk function.
How to manage cyber risk with a Security by Design approach
Security by Design is a new approach to cybersecurity that builds in risk thinking from the onset, enabling global innovation with confidence.
7 Feb 2020 Kris Lovejoy
How next-generation CISOs can become agents of change
Forward-looking CISOs are pursuing a new role, building stronger cross-functional relationships to support innovation and transformation.
22 Jan 2020 Kris Lovejoy
How will your business bridge the cybersecurity divide?
Security leaders and their boards/C-suites are not always fully engaged on how to confront the systemic risks posed by cyber threats.
16 Jan 2020 Kris Lovejoy
Cybersecurity budgets in flux
73% of security leaders expect their budgets to be impacted by COVID-19. Four in ten (41%) expect a reduction in funding, but about one-third (32%) expect budgets to rise.
Despite ongoing uncertainty over whether budgets will shrink or grow, EY research reveals that leaders expect to invest in the following areas:
- Identity and access management
The shift to remote working during the COVID-19 pandemic brought the importance of robust identity and access management (IAM) practices firmly into the spotlight. It has become an integral pillar of an organization’s security infrastructure as the business demands better access controls in a less controlled network environment with shared platforms.
The increased use of personal devices and remote access to core business systems expands the threat landscape that businesses face. However, adoption of new IAM controls and processes will mitigate the cyber risks and threats for organizations.
What can security leaders do now, next and beyond?
- Now – solve the current crisis
Perform an impact assessment of remote working, IAM processes, and secure access to critical and non-critical applications. Support contingency programs including IAM process simplification and work-arounds, and re-organize IAM operations to accelerate execution and monitoring of remote and privileged access.
- Next – steps for year-round
Assess the appropriateness of remote access by critical/non-critical application, and review the revised access controls with your compliance teams. Also gain buy-in from your compliance team for simplified procedures, including access to business applications.
- Beyond – resiliency and risk management
Enhance your IAM capability through improved contingency processes, awareness, reporting, technology and collaboration.
How do you switch trajectory at speed when you’re under threat?
There's a long list of organizational vulnerabilities for CISOs to contend with, but some practical steps can help mitigate these.
6 Aug 2020 Kris Lovejoy
COVID-19: How CIOs can keep the lights on in the pandemic and beyond
Technology infrastructure is now more important than ever to enable business continuity and create a strong foundation for future resiliency.
18 Jun 2020 Kris Lovejoy
- Data protection and privacy
It is well understood that privacy needs to evolve. This is driven by technological developments as well as changes in societal attitudes and perceptions – ordinarily rooted in national and cultural factors – which are highly reactive to the perception of peripheral events.
Now, in the midst of the COVID-19 pandemic, we must ask ourselves … what happens next? Have consumer perceptions of privacy fundamentally changed? Have our perceptions about trustworthiness of government and business shifted? Is there an opportunity for governments and businesses to redefine approaches to collection and use of personally identifiable information (PII) moving forward?
How to minimize risk through data disposition
Many organizations are struggling with the challenge of how to dispose of sensitive data but there is a methodology that works.
22 Feb 2021 Varun Sharma
Has lockdown made consumers more open to privacy?
Findings from the EY Global Consumer Privacy Survey reveal that the pandemic is shifting consumers’ expectations of data privacy.
23 Nov 2020 Tony DeBos
How to successfully embed a culture of Privacy by Design
Protecting personal data, and how it is gathered, stored and used has taken on a new urgency as a result of fast emerging technologies.
20 Oct 2020 Tony DeBos
- Co-sourcing and outsourcing
Cybersecurity is increasingly diverse and complex, and is now a critical function of enterprise risk management that requires constant due care. The COVID-19 pandemic has demonstrated the negative impact of rapid operational disruption. The need to temporarily redirect internal resources, to meet a surge in certain areas or obtain specialized resources, can make adding an outsourcing partner to your strategy a sound component of your business risk management efforts.
At minimum, seeking help with critical cybersecurity operational functions, such as cyberthreat detection and response or identity and access management, might be the right decision.
How managed services can accelerate business transformation
As businesses rebuild in 2021, transformation and the ability to think differently are critical – managed services can be the solution.
9 Dec 2020 Paul Clark
COVID-19 pandemic: How banks can increase resilience against financial crime
A more agile, efficient and resilient approach to financial crime compliance can give banks the confidence to recover faster and stronger.
16 Jul 2020 Dai Bedford
Case study: creating a smarter, safer grid for new meters
EY teams are helping a national electricity company reinforce its legacy power infrastructure for a trusted, cyber-safe future.


New privacy leaders’ insights series
In a series of interviews, EY and the IAPP explore the impact of the pandemic on privacy leaders’ priorities, practices and programs.
How EY can help
Identity and access management
EY Identity and access management (IAM) services help EY clients to manage the lifecycle of digital identities for people, systems, services and users by giving organizations a clear view of who has access to what resource in the company.
Data protection and privacy
EY data protection and privacy services help organizations stay up-to-date with leading services in data security and data privacy, as well as complying with regulation in a constantly evolving threat environment and regulatory landscape.
Next generation security operations and response
Our Next generation security operations and response services, along with a deep portfolio of consulting, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations.