Financial Services Ireland

Cyber Security

When cyber threats are crossing boundaries, how can CISOs maintain focus?


The recent cyber-attack on the Health Service Executive (HSE) brought the challenges facing Chief Information Security Officers (CISOs) into stark focus. Financial services organisations have been a constant target for similar attacks over the past decade, and threats have increased significantly for a variety of reasons, including the COVID-19 pandemic.

EY’s Global Information Security Survey (GISS) continuously provides insights that our clients need to help them make better and more informed decisions about the cybersecurity issues facing their organisations. This year’s report, which surveyed over 1,400 cybersecurity leaders from around the world, looks at the major impact COVID-19 has had on the function.

CISOs must deal with their organisation’s global cyber risks as well as support its efforts to focus on growth, disruptive technology change and increasing regulatory challenges. The question therefore arises: how can CISOs and organisations see more clearly when cyber threats cross boundaries?

CISOs here in Ireland (and elsewhere in Europe) should focus on four areas to shift from protecting data to enabling transformation and growth:

  1. Mitigate risk, enable transformation: Seize the initiative and build a business case for investment aligned with the organisation’s strategy.
  2. Protect value across the ecosystem: Work with other parts of their organisation to track how third parties are evolving to support the business’s objectives.
  3. Build new skill sets: Improve their position in the organisation by broadening their skill sets.
  4. Engage in the boardroom: Adopt a value-focused mindset to solve some of the function’s usual difficulties when engaging with their Boards and stakeholders.

In this year’s GISS, 51% of European respondents say ensuring compliance in today’s regulatory landscape can be the most demanding and challenging part of their job. And 61% believe regulation will continue to become more fragmented — and therefore more time-consuming — in the years to come.  No wonder.  Europe presents a myriad of compliance challenges, with robust European Union-level requirements, such as General Data Protection Regulation (GDPR) and the upcoming Digital Operational Resilience Act (DORA), as well as growing national requirements, particularly on an industry level.

To protect value, CISOs should strike a balance between aligning to national boundaries and mitigating international cybersecurity threats. They should also rethink the way they build their teams and their relationships with other parts of the organisation, including with the Board. To find out more about how CISOs can evolve from data and security protectors to transformation, innovation and growth enablers, read our insights here.

Author:

David Spollen – Director, Technology Risk & Cybersecurity david.spollen@ie.ey.com