The world is changing. Cyber security issues now top the list of ‘risks to watch’*, ahead of weapons of mass destruction and resource security. While the Internet presents enormous opportunities, the threats are getting more sophisticated and serious and making regular headline news. Vulnerable data equals vulnerable organisations and today it's as much about protecting reputations as operations.
Focusing on IT is still critical, but it's not enough. Boards, CEOs and Government leaders need to take a leading role in protecting their organisations. The impact across all sectors and the shared nature of cyber threats means cyber security is a particular focus for collaboration, not least between business and government.
Leadership by a 'Cyber Savvy CEO' who truly understands the risks and opportunities of the cyber world will be a defining characteristic of those organisations - whether public or private sector - that realise the benefits most effectively.
* World Economic Forum Global Risks 2011 report
What boards, CEOs and other leaders need to do
Boards and leaders need to understand their responsibilities as distinct from other senior executives and plan ahead to protect their reputation, bottom line and share price. It's also important that they recognise threats are as likely to come from within their organisation as outside it, taking steps to ensure they are adequately informed, prepared and able to respond to both threats and opportunities with agility and clarity.
Those responsible for developing their organisations need to seek competitive advantage from innovation in areas like social media, cloud computing and mobility - proactively building Internet advancements into their strategy for growth and differentiation. They should know enough to ask the right challenging questions of their Chief Information Security Officer (CISO), recognising that this is much more than an IT issue for the CISO to fix. They should feel able to respond confidently to challenge from their NEDs, investors and possibly the media. Setting the right tone from the top is also key, developing a culture that minimises behavioural risk.
What CIOs and CISOs need to do
Chief Information Officers (CIOs) and CISOs can help leaders, CEOs and boards understand the new landscape, ensuring that cyber and information security issues have the standing they warrant on the organisation’s risk register. They can also conduct simulations of cyber incidents and be able to recognise when incidents need to be escalated. Acting as champions of the opportunities and benefits of secure information, CIOs and CISOs can help to balance out the cost of managing the risks.
How can PwC help?
PwC is strongly positioned to help clients by combining our board-focused risk resilience expertise with leading edge technical capability, global reach, and an integrated offering provided by teams of specialists from across the firm. We are able to build on our experience advising the boards of the world's leading organisations and work with our Digital Channels Team to help CEOs and CISOs become cyber-savvy, develop the right strategies, structure, culture and governance and understand how to create the optimal balance between the risks and rewards.
UK Contacts:
Grant Waterfall
Tel: +44 (0)20 7804 2040
US contact:
Ed Gibson
+1 (703) 918 3550
