
New cyberthreats demand change of culture at boardroom level


To tackle the rising threat of cyberattacks, businesses need a change of culture at the boardroom level, a new report from KPMG argues.

Entitled “From enforcer to influencer: Shaping tomorrow’s security team”, the report asserts that the number of successful cyberattacks has risen rapidly since Covid-19 forced most businesses into a remote working environment.

This is partly due to some employees working remotely for the first time, not having healthy cybersecurity practices, or choosing convenience over security.

To address the issue, KPMG believes that IT leaders and Chief Information Security Officers (CISOs) need to make sure cybersecurity specialists are part of the C-suite’s decision-making process, and put digitization at the heart of their future growth strategies.

As part of this process, KPMG says that CISOs must help leaders understand the cybersecurity implications of their choices, attempt to integrate security into governance processes, look for “unconventional and diverse talent” and more.

All of this starts with the recognition, at C-suite level, that digital security experts should be “key players” in the overall decision-making processes, KPMG says, as they’re capable of guiding the future direction of the business, developing robust digital infrastructure, embracing innovation and helping to identify potentially critical threats ahead.

“Organizations have made incredible strides in remote working and collaboration for employees, as well as improving digital customer experience. But this has also reminded us that physical perimeters no longer exist. With increasing reliance on third parties, and the proliferation of Internet of Things (IoT) and other devices, cybersecurity now involves complex ecosystems with a dramatically increased threat potential,” said Fred Rica, Principal, Cyber Services, KPMG US.

“In a marketplace where speed to market is essential, cybersecurity teams are now responsible for building trust and resilience, by forging a pragmatic security culture and helping embed secure by design thinking into every aspect of digital infrastructure and data. To do this, they must see themselves as enablers and facilitators, helping others deliver services and brands that deserve cyber trust amongst customers, employees and society at large.”