COVID-19, relentless cyber-attacks, insufficient budgets, and complex regulation are some of the reasons cited by chief information security officers as to why a robust cybersecurity strategy is more important now than ever before.

Additionally, national and transnational regulators have warned of a projected increase in cyber-attacks emanating from Russian threat actors, as geopolitical conflicts transpose themselves to cyberspace.

The 2021 EY Information Security Survey has, in fact, shown that 81 per cent of executives worldwide believe that the COVID-19 pandemic forced organisations to bypass cyber security processes, while 77 per cent of organisations have seen more disruptive attacks over the last 12 months, compared with 59 per cent in the 2020 survey. 

Most survey respondents indicated that preventing attacks by external actors has increased in importance during the last year.

Additionally, the profile of the average decision-maker has changed in the past three years. Traditional decision-makers, like CIOs and CISOs, are sharing influence with non-IT executives, such as CEOs, chief financial officers (CFOs), heads of legal and compliance, and business unit leaders. Moreover, boards are demanding more granular insight into their enterprises’ security posture.

The survey results also reveal that simple actions taken now can mitigate current and future vulnerabilities as well as reap substantial rewards later. These include the following:

Focus on zero trust

Zero trust is a holistic approach to security that incorporates different cyber principles across people, process and technology. The fundamental concept behind this strategy is the assumption that there are threat actors both within and outside the organisation, so nothing can be trusted, be it human or machine.

Educate and involve your board

The board must be interested in preventing data breaches and determined to prioritise cybersecurity needs. Organisations should proactively create a board-level executive dashboard to increase their visibility on cybersecurity issues.


Reinforce the role of the chief information security officer

With the onset of the pandemic, 55 per cent of cybersecurity leaders believed this gave them an opportunity to position themselves as strategic partners to the business. Security leaders must be bold and not confined to the back office. They must be confident in presenting the competitive advantage cybersecurity teams can bring to their leadership teams.

Concepts like ‘Privacy by design’ and ‘Security by design’ give security leaders an opportunity to be much more integrated with the go-to-market activities of the business. That is one way security leaders can add value to organisations as we move forward in an uncertain world.

Spend now, save later

According to the survey, companies that have recently experienced a breach expect to spend more across all security domains, with vulnerability assessment and access control being the largest areas of investment. To protect themselves, organisations must bolster their cybersecurity capabilities to not only prevent attacks, but also to mitigate the damage and shorten the recovery time.

The study found that corporate cybersecurity budgets increased during the past three years, and that these expenditures are expected to grow in the coming years. Going forward, the single largest increase in spending is expected to be in endpoint security solutions, with network and data centre security close behind.

It is important to note that there is no “one-size-fits-all” solution for cybersecurity. The level of investment and budget should be proportional to your company’s appetite for risk. Regardless, companies should not wait for a breach to occur before evaluating which practices may be appropriate for the company.

EY Cybersecurity, strategy, risk, compliance, and resilience teams help organisations evaluate the effectiveness and efficiencies of their cybersecurity and resiliency programmes in the context of driving business growth and operational strategies. These offerings apply consistently regardless of where they are applied (information technology, operational technology, cloud, etc.), provide a clear measurement of risk and capture current risks to the organisation, and demonstrate how cyber risks will be managed going forward.

Our services can be scaled to the nature, size and risk profile of the organisation and can be combined to form a larger programme or transformation effort.

Karen Massa is business and technology risk consulting manager, EY Malta.

EY Engage, Malta’s Technology Leaders Forum, will be held at the Westin Dragonara Resort on June 1 at 11.30am. The event explores how IT enables organisations to become resilient and competitive during times of disruption. Speakers include Pascal Bornet, a globally renowned keynote speaker and author of the bestselling book Intelligent Automation.

EY Engage is taking place in collaboration with Microsoft and the Malta Chamber of Commerce, Enterprise and Industry, along with event sponsors BMIT Technologies, Newgen Software, SG Solutions, GO Business, UiPath, Exigy, ICT Solutions, Atlas Insurance, Onpoint, eSkills Foundation, Tech.mt, MDIA and Invent3D.  

Networking opportunities, roundtable sessions covering current industry topics, and a panel discussion will also provide a unique setting to collaborate on current industry challenges and trends. For registration, visit ey.com/en_mt/events/engage
