Cyber and privacy leaders' agenda

Cyber and privacy leaders must act now to tackle today’s most pressing security challenges.

Join the conversation 

#TransformationRealized

 

 Linked in twitter

The COVID-19 crisis has been a wake-up call for CISOs. The business has looked to the cybersecurity team to protect it from an evolving cyber threat, while enabling urgent technology transformation and new growth.

Now more than ever, you need to get your strategies and priorities right. Here's how in four steps:  

  • Reassess your alignment with the business

    Cybersecurity teams have traditionally been strongest when it comes to assessing their capabilities, identifying risk, and building roadmaps for the future. CISOs should focus attention on the elements of cybersecurity where many have been weaker in the past. Specifically, they should look to strengthen their engagement with stakeholders, ensure their alignment to core business goals and objectives, and assess their business partners’ satisfaction with the performance and delivery of security services.

    As their relationships with business partners have deteriorated in recent years, CISOs may now lack the visibility they need to operate in sync with other functions and pursue a strategy that aligns with the business. Explore next steps for CISOs in the articles below.

    Cybersecurity: How do you rise above the waves of a perfect storm?
    Cybersecurity: How do you rise above the waves of a perfect storm?

    The EY Global Information Security Survey 2021 finds CISOs and security leaders battling against a new wave of threats unleashed by COVID-19.

    22 Jul 2021 EY India

  • Review your talent profile

    To respond to the organizational challenges highlighted by EY research, as well as the sophisticated nature of recent high-profile attacks, CISOs need the support of versatile, multi-skilled professionals.

    However, the breadth of skills needed in today’s function is expanding in several directions at once. There is no such thing as a “standard” cybersecurity profile. CISOs need individuals with advanced technical skills, as well as the ability to build interdepartmental relationships. 

    We outline in this article some of the many cybersecurity executive profiles that have emerged in recent years, despite the profession’s relative newness. Each profile has its own area of focus, relies on its own range of soft skills and professional qualifications, and plays an important role in meeting the changing needs of the business.

    Cybersecurity: How do you rise above the waves of a perfect storm?
    Cybersecurity: How do you rise above the waves of a perfect storm?

    The EY Global Information Security Survey 2021 finds CISOs and security leaders battling against a new wave of threats unleashed by COVID-19.

    22 Jul 2021 EY India

  • Focus on four key stakeholder groups

    CISOs are familiar with the principle of “shifting left,” striving to involve cybersecurity earlier on in the transformation and product development lifecycle. The challenges of COVID-19 indicate, however, that shifting left is no longer all that is required. Our suggestion to CISOs is that they shift north, east, south, and west. In practice, this means navigating four key stakeholder groups.

    Addressing the concerns of management, at “north,” means focusing on reporting and accountability, as well as budgeting and resource allocation. Shifting the focus “east,” to regulators, is a case of prioritizing certifications and attestations, along with regulatory mapping. Shifting south is about enhancing standards and testing. And shifting west involves focusing on security and privacy by design, along with certifications and continuous testing.

    If CISOs can position themselves in the center of these four vital stakeholders, they will be in the right place to take their function to the next level of strategic influence.

    Cybersecurity: How do you rise above the waves of a perfect storm?
    Cybersecurity: How do you rise above the waves of a perfect storm?

    The EY Global Information Security Survey 2021 finds CISOs and security leaders battling against a new wave of threats unleashed by COVID-19.

    22 Jul 2021 EY India

  • Build a strong culture of Security by Design

    In the best of times, security is introduced into a digital transformation program late in the process – generally as a compliance item. With inevitable changes associated with greater use of cloud services, third-party outsourcing of core business functions, and/or reduction of internal staff, it is critical that the security team is introduced into the discussion as a business risk function.

Despite ongoing uncertainty over budgets, EY research reveals that leaders expect to invest in the following areas:

  • Identity and access management

    The shift to remote working during the COVID-19 pandemic brought the importance of robust identity and access management (IAM) practices firmly into the spotlight. It has become an integral pillar of an organization’s security infrastructure as the business demands better access controls in a less controlled network environment with shared platforms.

    The increased use of personal devices and remote access to core business systems increases the threat landscape of businesses. However, adoption of new IAM controls and processes will mitigate the cyber risks and threats for organizations.

    What can security leaders do now, next and beyond?
    1. Now – solve the current crisis
      Perform an impact assessment of remote working, IAM processes, and secure access to critical and non-critical applications. Support contingency programs including IAM process simplification and work-arounds, and re-organize IAM operations to accelerate execution and monitoring of remote and privileged access.
    2. Next – steps for year-round
      Assess the appropriateness of remote access by critical/non-critical application, and review the revised access controls with your compliance teams. Also gain buy-in from your compliance team for simplified procedures, including access to business applications.
    3. Beyond – resiliency and risk management
      Enhance your IAM capability through improved contingency processes, awareness, reporting, technology and collaboration.

  • Data protection and privacy

    It is well understood that privacy needs to evolve. This is driven by technological developments as well as changes in societal attitudes and perceptions – ordinarily rooted in national and cultural factors – which are highly reactive to the perception of peripheral events. 

    Now, in the midst of the COVID-19 pandemic, we must ask ourselves … what happens next? Have consumer perceptions of privacy fundamentally changed? Have our perceptions about trustworthiness of government and business shifted? Is there an opportunity for governments and businesses to redefine approaches to collection and use of personally identifiable information (PII) moving forward?

    How to successfully embed a culture of Privacy by Design
    How to successfully embed a culture of Privacy by Design

    Protecting personal data, and how it is gathered, stored and used has taken on a new urgency as a result of fast emerging technologies.

    20 Oct 2020 Tony De Bos

  • Co-sourcing and outsourcing

    Cybersecurity is increasingly diverse and complex and is now a critical function to enterprise risk management, requiring constant proper due care. The COVID-19 pandemic has demonstrated the negative impact of rapid operational disruption. The need to temporarily redirect internal resources, to meet a surge in certain areas or obtain specialized resources, can make adding an outsourcing partner to your strategy a sound component to your business risk management efforts.

    At minimum, seeking help with critical cybersecurity operational functions, such as cyberthreat detection and response or identity and access management, might be the right decision.

    How managed services can accelerate business transformation
    How managed services can accelerate business transformation

    As businesses rebuild, transformation and the ability to think differently are critical – managed services can be the solution.

    9 Oct 2021 Paul Clark

    COVID-19 pandemic: How banks can increase resilience against financial crime
    COVID-19 pandemic: How banks can increase resilience against financial crime

    A more agile, efficient and resilient approach to financial crime compliance can give banks the confidence to recover faster and stronger.

    16 Jul 2020 Dai Bedford

Show more

How EY can help

Privacy & Cyber Response

From investigation, to litigation and regulatory response EY Privacy and Cyber Response professionals assist organizations to navigate through complex cyber attacks.

Read more
Discovery & Analytics

The diversity and dispersion of digital information continues to grow as the legal and regulatory environments become more challenging. From pre-litigation information management to post-matter data disposition, we offer managed services across the entire discovery life cycle.

Read more
Incident Response and Resilience

The risk landscape for companies is constantly shifting, with cyberattacks and natural disasters striking more frequently with increasing severity. EY teams are dedicated to assisting clients to prepare for and financially recover from such incidents.

Read more
EY Virtual Ethics and Compliance Manager

EY Virtual Ethics and Compliance Manager helps compliance, ethics and investigation functions accelerate their digitization journey and transform business operations by adopting a managed services approach.

Read more
Cybersecurity, strategy, risk, compliance and resilience

EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.

Read more
Next generation security operations and response

Our Next generation security operations and response services along with a deep portfolio of consulting, implementation and managed services, can help organizations build a transformation strategy and roadmap to implement the next generation of security operations.

Read more
Cybersecurity Architecture, Engineering & Emerging Technologies

EY services are designed to help organizations protect their enterprises from adversaries that seek to exploit weaknesses in the design and operation of their technical security controls, including disruptive technologies such as cloud computing, blockchain, and Internet of Things (IoT).

Read more
Data protection and privacy

EY data protection and privacy services help organizations stay up-to-date with leading services in data security and data privacy, as well as complying with regulation in a constantly evolving threat environment and regulatory landscape.

Read more
Digital identity and access management

Identity and access management (IAM) is a foundational element of any information security program.

Read more
FedRAMP Assessment for Cloud Service Offerings (CSO)

A third-party FedRAMP assessment can help Cloud Service Offering (CSO) seamlessly navigate through the FedRAMP authorization stages. This can help the organization gain a competitive edge in the federal marketplace and set the organization apart from competitors who are not yet FedRAMP Ready or have not achieved FedRAMP authorization.

Read more

Industry insights

On the agenda (5)

Skip

Cybersecurity

Featured: How an enterprise service mesh will ensure zero trust security for multi-cloud applications
Discover

Transformation Realized™

Featured: Why transformation of technology skills holds the key to navigating the future of workplace
Discover

Risk leaders' agenda

Featured: Why data privacy is emerging as the new norm
Discover

Global Information Security Survey (GISS)

Featured: How will the Data Protection Bill help India achieve its vision of a ‘digital’ future?
Discover

Technology

Featured: Ensuring fraud-free hiring with technology powered employee background check
Discover

Direct to your inbox

Stay up to date with our Editor's picks newsletter. 

Subscribe

Contact us

Like what you’ve seen? Get in touch to learn more.