Cybersecurity, the Board and the Fourth Industrial Revolution

By Kevin Campbell

It seems like a day doesn’t pass without hearing about a new security breach endangering our personal data. These breaches are forcing organizations to incur significant financial losses as well as the erosion of public trust. Even C-suite executives are finding themselves increasingly held accountable. In our global threat study, PwC found that geopolitical cyber activity continues to be a powerful threat keeping business leaders awake at night. Only 15% of CEOs strongly agree their company can withstand cyberattacks and recover quickly. As PwC’s leading cybersecurity practice partner in the Southeast with over 20 years of experience, I am concerned by this statistic, which truly emphasizes the importance of creating a cyber resilient company.

To increase our collective cyber resilience, it is more important than ever for security executives to foster communication and relationships between the C-suite and board while also preparing their security platforms for the current technological wave: the Fourth Industrial Revolution (4IR).

As a company establishes an effective cyber risk management program, it will face many challenges, including creating an inventory of digital assets and third parties, improving cyber hygiene and employee security awareness training and even patching known vulnerabilities. However, addressing cyber risk isn’t solely the responsibility of the IT department. The board of directors, management, business unit leaders and security groups all need to be involved in getting cybersecurity right, especially if they want to locate unknown cyber risks.

Keeping cybersecurity relevant to business goals is necessary for the board and C-suite to view security efforts as business enablers, rather than business problems or disruptors.

Kevin Campbell

Advisory Services Leader, PwC

The board will be overseeing cyber risk like other business risks, but to make better business decisions regarding cybersecurity, CISOs and other business leaders need to communicate how cybersecurity is an enterprise-wide issue. This means going beyond technical jargon or detailing the number of breaches your security team has prevented. Cybersecurity’s impact can instead be demonstrated on a broader level: the security regulations your enterprise must meet, the findings discovered from security assessments and the security behaviors your employees participate in every day as they conduct business. In order to effectively communicate with the board, you must frame cybersecurity in terms of the business goals it’s helping to achieve and how it’s helping the business become more resilient.

Keeping cybersecurity relevant to business goals is necessary for the board and C-suite to view security efforts as business enablers, rather than business problems or disruptors. The more cybersecurity contributes to business strategy and protects against business risk, the more inclined the C-suite and board members will be to support security advances—especially in the case of employing new technology.

With blockchain, IoT and AI, the Fourth Industrial Revolution has arrived. These new elements are more efficient, automated and provide accurate ways to achieve processes while remaining competitive. The adoption of these technologies will change the business environment across the board.

This is where a strong relationship between security executives, the C-suite and the board can make a world of difference. Business leaders are turning to AI and other technologies to harness data and streamline workflows. Coordinating with them to include cybersecurity from the start of the adoption process is paramount. As a result, you will be able to pinpoint vulnerabilities and risk areas much sooner and be less likely to let unknowns slip through the cracks. At the same time, businesses will be able to reap the benefits of more secure data systems, more efficient customer service and increased consumer trust.

Becoming 4IR ready without the proper cybersecurity controls in place could put your company at a grave disadvantage. Practicing business-driven cybersecurity to protect these new technologies will help prevent the violation of your customers’ peace of mind and trust—elements that should always be at the forefront. Bringing business leaders on board with cybersecurity as early as possible will ensure that both your company and your security platforms evolve together.

Are you looking for blockchain, AI, IoT and other 4IR technologies or advice on how to communicate with the board? Be sure to register to attend Cybercon here.

You can also read further about PwC’s insights on the Global Threat Study and Cyber Resilience, Boards and Cyber Risk, and The Fourth Industrial Revolution.