Business world; Cybersecurity is becoming more important as we embrace breakthrough technologies such as artificial intelligence, blockchain, biometrics, hyperconnected systems and reality to you. KPMG’s “Cyber Security Considerations” report highlights eight of the most important issues to consider this year for businesses aiming to incorporate cybersecurity into all their strategies and operations.
The future of almost all businesses is now built on data and digital infrastructure. As global economies and supply chains are disrupted, companies are increasingly reliant on products, services and the digital infrastructures that underpin them. Groundbreaking technologies such as artificial intelligence, blockchain, biometrics, hyper-connected systems and virtual reality consolidate their place in the business world as phenomena that shape this future. Cyber security is becoming an integral part of business activities, no matter what technology is used. KPMG’s new report, titled “Cyber Security Considerations”, presents the issues that should be considered by businesses aiming to include cyber security in all their strategies and operations.
In KPMG’s report, eight issues that businesses should pay attention to when shaping their cyber security strategies in 2023 are listed as follows:
Trust is the key to success and it’s not just about reputation. Increasing confidence can create competitive advantage and contribute to the bottom line. The future success of any business in the digitizing world can be built on digital trust. Cyber security and privacy are vitally important to this trust. However, the realization of this potential requires the joint commitment of all stakeholders.
According to the data in the report;
- More than a third of institutions agree that increased confidence improves profitability.
- However, 65 percent state that their information security needs are shaped by regulatory compliance needs rather than long-term strategic goals.
- 49 percent of respondents believe that the board sees security as a necessary cost rather than as a way to gain competitive advantage.
Embedding security in a way that helps people work with confidence, make efficient choices, and play their part in protecting businesses, while often difficult, should be a key goal for CISOs. Because it’s easy for people to see security as a barrier, it’s important for CISOs to help change this mindset by addressing security from both people and business-centered perspectives.
On the other hand, organizations also rely heavily on the ability of CISOs to perform critical tasks.
- 79 percent of organizations are confident that CISOs can identify what data is critical across the enterprise.
- 3/4 believe CISOs can identify what their most important data treasures are.
- 78 percent are confident that CISOs know how much of their sensitive data is with third parties and protect it appropriately.
3- A data-centered future should be ensured in the ecosystem where the environmental limit has decreased
It’s not surprising that over the past decade, business models have fundamentally changed to become data-centric, connected ecosystems of internal and external partners and service providers. In this distributed computing world, CISOs and security teams to help mitigate the devastating effects of potential outages or breaches; adopt very different approaches, such as zero trust architecture, secure network access service (SASE), and cybersecurity network models.
- 28 percent of executives cite “lack of confidence in the governance mechanisms in place” as a major factor undermining stakeholders’ confidence in a business’s ability to use and manage its data.
- 32 percent also cite “lack of clarity about why data is needed for a particular service and the benefits of sharing or providing data” as another factor.
- 36 percent are concerned about how their data is protected.
- And 35 percent have concerns about how their data is used or shared.
Gone are the days when security teams focused solely on the security of their business’ IT systems. CISOs need to determine when to hit the brakes, when to outsource cybersecurity, and what talent to keep in-house, now and in the future. Security; it has now become a business delivered through a shared responsibility model between the business and service providers. External partnerships are therefore expected to be vital to success in hyper connected ecosystems, but there are still barriers to such collaborations.
- While 79 percent of respondents to KPMG’s survey say that constructive collaboration with suppliers and customers is vital, only 42 percent say they have done so.
- 60 percent agree that their supply chain leaves them vulnerable to attack.
- And 78 percent of executives are confident that CISOs can secure their data throughout the supply chain.
In the race to benefit from innovation and developing technologies; While security, privacy, data protection and ethical concerns are getting more attention, these issues are often overlooked or forgotten. If these issues are left unchecked, the resulting negligence can lead businesses to not be able to use their potential, especially with privacy regulations in artificial intelligence technology on the horizon. There are growing societal and commercial concerns about the ethical, security and privacy implications of adopting key solutions for automation, such as intelligence and machine learning.
- 78 percent of respondents agree that AI and machine learning pose unique cybersecurity challenges.
- 3 out of 4 respondents say AI and machine learning raise fundamental ethical questions.
- 76% of executives also state that the use of artificial intelligence and machine learning requires transparency in these technologies.
Businesses in almost every industry are transitioning to a product mindset focused on developing network-enabled services and managing the devices that support them. As organizations realize that product safety is also important, CISOs and their teams are joining discussions with engineering, development and product support teams. Gaining experience with the challenges of cybersecurity gives CEOs a clearer picture of how prepared or unprepared they may be.
- While 24 percent of CEOs admitted that they were unprepared for cyber attacks, this rate stood at 13 percent in 2021.
- 56 percent say they are prepared.
- 3/4 of respondents say their organization has a plan to deal with ransomware attacks.
- 3 out of 4 CEOs state that protecting the partner ecosystem and supply chain is as important as building their organization’s cyber defense.
Today, state-sponsored attackers are increasingly able to infiltrate and hijack systems with automated means. Therefore, security operations should be optimized and structured to accelerate recovery of priority services should an attack occur; thereby reducing the impact of attacks on consumers, customers and partners. In this formidable challenge, cybersecurity teams are under pressure to keep up with evolving threats, but the talent gap often hampers security efforts.
- More than half of organizations admit they are behind schedule when it comes to cybersecurity.
- More than 50 percent are confident in tackling a variety of cyber threats, including organized crime groups, insiders, and compromised supply chains.
- 59% agree that attackers exploit vulnerabilities in the supply and procurement chain, but are unsure that their defenses are strong enough to close them.
- According to 40 percent, the number one internal challenge in meeting their cybersecurity goals is the lack of key capabilities and competencies.
Every security system has flaws. At some point, every business can be exposed to a cyberattack. That’s why regulators are increasingly focusing on plausible scenarios, forcing businesses to position themselves to be resilient and resilient, especially in strategically important sectors such as energy, finance and healthcare. Legislators and regulators demand greater transparency and oversight in this regard. This worries many businesses about finding their way through increasingly complex global regulations.
- 36 percent of respondents to KPMG’s survey are concerned about their ability to meet existing or new cybersecurity regulations when outsourcing their operations to digital service providers.
- 31 percent are concerned about critical infrastructures, which are more subject to cybersecurity regulations.
- 28 percent are concerned about current or new regulations regarding the resilience of critical systems.
- 26 percent said they were concerned about more stringent reporting requirements.
Do you need a cyber security strategy for your business? Contact Enkronos team today.