The recent cyber-attack on the Health Service Executive (HSE) brought the challenges facing Chief Information Security Officers (CISOs) into stark focus. Financial Services organisations have been a constant target for similar attacks over the past decade, and threats have increased significantly for a variety of reasons, including the COVID-19 pandemic.
EY’s Global Information Security Survey (GISS) continuously provides insights that our clients need to help them make better and more informed decisions about the cybersecurity issues facing their organisations. This year’s report, which surveyed over 1,400 cybersecurity leaders from around the world, looks at the major impact COVID-19 has had on the function.
CISOs must deal with their organisation’s global cyber risks as well as support their organisations’ efforts to focus on growth, disruptive technology change and increasing regulatory challenges. The question therefore arises: how can CISOs and organisations see more clearly when cyber threats cross boundaries?
CISOs here in Ireland (and elsewhere in Europe) should focus on four areas to shift from protecting data to enabling transformation and growth:
In this year’s GISS, 51% of European respondents say ensuring compliance in today’s regulatory landscape can be the most demanding and challenging part of their job. And 61% believe regulation will continue to become more fragmented — and therefore more time-consuming — in the years to come. No wonder. Europe presents a myriad of compliance challenges, with robust European Union-level requirements, such as General Data Protection Regulation (GDPR) and the upcoming Digital Operational Resilience Act (DORA), as well as growing national requirements, particularly on an industry level.
To protect value, CISOs should strike a balance between aligning to national boundaries and mitigating international cybersecurity threats. They should also rethink the way they build their teams and their relationships with other parts of the organisation, including with the Board. To find out more about how CISOs can evolve from data and security protectors to transformation, innovation and growth enablers, read our insights here.
Author:
David Spollen – Director, Technology Risk & Cybersecurity david.spollen@ie.ey.com