
Leading the charge: As a business leader, you are at the forefront of cyber transformation

Despite significant investments in cyber security, large-scale breaches still occur with far-reaching consequences. There is something missing in the equation to better protect organisations.

What’s missing is a fundamental shift in perspective. Cyber security must be seen not just as a technology issue, but as a business imperative. There needs to be a mindset shift whereby executive management steer their organisation’s cyber efforts. A “technology dominant” approach has never solved the problem and never will, despite technological advancements.

Business leaders have a crucial role in managing cyber security as an operational risk, integrating it into the company's overall resilience strategy. As a business leader, you are the driving force in enhancing your organisation’s overall cyber resilience. By posing the right questions to your security and technology teams, you can shift the focus to achieving full transparency on the organisation’s genuine risk exposure and help these teams to find sustainable solutions that go beyond the implementation of tools. There are five key areas where you play a critical role:

Prioritise key assets for protection, define acceptable cyber risk levels, and ensure your technology and security teams understand business priorities.

You should ask:

  • What are our most important business services and underlying business processes?
  • What are the supporting data assets for these business processes?
  • What types of cyber-attacks present the most severe risks to the business?

Drive simplicity by standardising processes and optimising third-party diversification, streamlining technology, and improving resilience through collaboration with IT.

You should ask:

  • Are our evolving business demands introducing unnecessary complexity?
  • How can we rationalise and standardise our business activities and supporting environment?
  • How can we help IT to ensure a high degree of standardisation and automation is achieved at a technological level?

Strive for modular architecture and automation for swift threat detection, containment, and recovery, enhancing security and driving digital transformation.

You should ask:

  • To what extent do we have an end-to-end overview of our business services and their supporting components so that we can understand their degree of resilience?
  • What modernisation efforts have we undertaken in recent years and what investments are still needed to reach our resilience goals?
  • Are we pushing the scenarios for stress testing far enough to give us confidence in our ability to withstand major cyber attacks?

Work together with technologists to create safe environments that balance security and business performance to prevent human errors, and investigate process improvements before adding controls.

You should ask:

  • What do we need to change to create a safe environment in which employee mistakes do not have catastrophic consequences?
  • How are we balancing security measures with operational performance to ensure that security runs smoothly in the background without hindering productivity?
  • Are we sufficiently looking into how we could change the way of working before we decide to introduce further security controls?

Sponsor comprehensive, recurring testing and push the boundaries of stress testing to improve confidence in your recovery capabilities.

You should ask:

  • What formal planning do we have in place to cope with a major cyber-attack and are we sufficiently staffed to respond effectively?
  • Have we identified the relevant cyber crisis scenarios that need support from executives in preparation?
  • Are we clear about the decision-making process in the event of a cyber crisis and do we have sufficient detailed protocols in place to accelerate both the response and the recovery?

Conclusion

A mix of technology reliance, geopolitical dynamics, underinvestment, and complexity has created a perfect storm. At Deloitte, we see cyber threats as a business risk that must be addressed with the full backing of business leaders at the executive level. In today's digital world, business success hinges on how well cyber is integrated into organisational initiatives. Cyber security does not have to be daunting, overly technical, or costly. There is also no need to chase the latest technology hype; the focus should instead be on getting the basics right first. As a business leader, you should direct resources towards activities that have the greatest impact on cyber security, including simplifying and modernising your business processes and applications.

If you would like to know more about taking a holistic and business focused approach to cyber security, contact us.
