EY Global Information Security Survey India edition 2020 EY Global Information Security Survey India edition 2020

Authors
Murali Rao

EY India Cybersecurity Leader

Leading voice on cybersecurity, data privacy and enterprise solutions.

Burgess Cooper

Ernst & Young LLP Information and Cybersecurity Advisory Services Partner

Cybersecurity evangelist. Technology enthusiast. Passionate biker.

5 minute read 25 Jun 2020
Related topics Consulting Cybersecurity Risk

This year’s EY Global Information Security Survey (GISS) India edition explores critical cybersecurity issues faced by organizations today.

Cybersecurity teams following a culture of Security by Design can play a crucial role as enablers of transformation. In India, the focus of companies on digital transformation will drive cybersecurity demands and having the cybersecurity team involved from the planning stage for new business initiatives will be imperative. However, making the shift to such a culture will be a shared responsibility. CISOs can — and must — engage more collaboratively with the rest of the business. But boards and C-suites must also commit to a closer working relationship with their cybersecurity colleagues. So must other functions in the business.

  • What is Security by Design ?

    Security by Design is a new approach that builds cybersecurity into any initiative from the onset, rather than as an afterthought, enabling innovation with confidence. It is a strategic and pragmatic approach that works across all parts of the organization. Security by Design remains in the initiative’s lifecycle to help with the ongoing management and mitigation of security risks.

The 22nd edition of EY Global Information Security Survey 2019-20 – India edition, captures the responses of over 190 C-suite leaders and information security and IT executives/managers, representing many of the world’s largest and most recognized global organizations.

A systemic failure in communication

82%

of organizations say that crisis prevention and compliance remain the top drivers of new or increased security spending.

CISOs who do not work collaboratively with colleagues across the business may inevitably be side-stepped by other functions and lines of business which could, for example, launch new products or services that expose the organization to new threats.

Majority of Indian companies are on the path of digital transformation and this technological disruption is identified as the greatest strategic opportunity for organizations. However, the risk of cyberattacks is a major impediment in digitalization progress. Hence, the role of CISOs becomes more important as they need to work more closely with the board and C-suite so that they can embed cybersecurity solutions at a much earlier stage of new business initiatives — a culture of Security by Design.

It is critical for a CISO to embed cyber security into the very cultural fabric of an organization. People, the most valuable and vulnerable assets of an organization, are the threads of this fabric and they should be able to see cyber security as an enabler rather than a roadblock.
Tiffy Isaac
Partner Cybersecurity, EY India

CISOs will therefore be all too aware that they must not neglect business as usual; defending the organization will naturally remain their priority. However, to perform this role effectively, the function will need to adapt. As their organizations transform around them and the external threat landscape evolves, CISOs must be ready for a more proactive role.

Increase trust with a relationships reboot

69%

of organizations say that the relationship between cybersecurity and the lines of business is at best neutral, to mistrustful or non-existent.

If cybersecurity is seen as an obstacle to innovation and transformation — as a function that says no to new initiatives on security grounds — the rest of the organization will inevitably try to sidestep it. But if it can provide workable solutions to any problem, it will be more likely to become a trusted partner.

With Security by Design as the goal, CISOs and their colleagues across the organization — including functions such as marketing, R&D and sales — need to form much closer relationships in order to improve overall business understanding of cybersecurity and meet the mark of Security by Design.

Stronger relationships are vital to the success of the CISO. The best CISOs have taken time to connect with the business deeply, in a trusted way. What they’re trying to do is to make sure that they’re automatically brought into the business, into its strategy and planning and thinking.
Burgess Sam Cooper
Ernst & Young LLP Information and Cybersecurity Advisory Services Partner

The CISO becomes the agent of transformation

68%

of organizations have a head of cybersecurity who sits on the board or at executive management level.

With stronger relationships at business and board levels, a better understanding of the organization’s commercial imperatives and the ability to anticipate the evolving cyber threats, CISOs can become central to their organizations’ transformation.

CISOs play a vital role in today’s digital landscape, acting as business enablers rather than mere risk managers promoting Security by Design and business resilience embedded in the organization’s transformation journey.
Murali Rao
EY India Cybersecurity Leader

The role of CISO will evolve and will require the cybersecurity function to adapt to new ways of working. But the upheaval will be worth it: this is a chance for cybersecurity to become a trusted business partner at the centre of the organization’s value chain, driving transformation and proving its worth.

Now, Next and Beyond of making cybersecurity the heart of business transformation

Making this transition is not straightforward, nor is it the same for everyone. What organizations do next — their CISOs, board and C-suites, and individual functions — will depend on the current state of their cybersecurity functions and the characteristics and objectives of their organizations.

There are, however, five actions that every organization can prioritize to make the most of the opportunity:

  • Establish cybersecurity as a key value enabler in digital transformation
  • Build relationships of trust with every function of the organization
  • Implement governance structures that are fit for purpose
  • Focus on board engagement
  • Evaluate the effectiveness of the cybersecurity function to equip the CISO with new competencies

Cybersecurity leaders must have commercial sense, an ability to communicate in language the business understands, and a willingness to find solutions to security problems rather than saying no. As the business models evolve to adjust to the new normal, CISOs have a great opportunity to enable the business transformation.

Summary

CISOs must embrace the commercial realities facing their organizations in a disruptive marketplace. The rest of the business, from board level down, must ensure cybersecurity is granted a seat at the leadership table. It is time now for business and cybersecurity stakeholders to work together and make the definitive leap towards ‘Security and Privacy by Design.

About this article

Authors
Murali Rao

EY India Cybersecurity Leader

Leading voice on cybersecurity, data privacy and enterprise solutions.

Burgess Cooper

Ernst & Young LLP Information and Cybersecurity Advisory Services Partner

Cybersecurity evangelist. Technology enthusiast. Passionate biker.

Related topics Consulting Cybersecurity Risk