Cybersecurity has now become a concern for the board room and the rest of the hierarchy. According to new research by Infosys Knowledge Institute (IKI), the research arm of Infosys, titled ‘Assuring Digital-Trust’ nearly half i.e. 48 percent of corporate boards and 63 percent of business leaders are actively involved in cybersecurity strategy discussions.
IKI surveyed 867 senior executives from 847 firms with annual revenues over US$500 million. These firms were from countries like the U.S., Europe, Australia and New Zealand (ANZ). The research points out that security has finally taken the center stage
“The outcome of the survey did not come as a shock or something that I hadn’t anticipated,” said Vishal Salvi, CISO and Head of Cyber Security Practice, Infosys in an exclusive interaction with CISO MAG. “The most important trend that is visible from the report is that security is becoming a mainstream issue. It is no longer an afterthought. The industry is aware of it and is taking their steps in precaution to avert cyber-attacks. I am glad to point out that the aspect of cybersecurity is no longer irrelevant, and it has become more fundamental than ever before,” said Salvi.
The report also pointed out that organizations are now finding it difficult to embed security in their enterprise IT architecture due to several factors like lack of cybersecurity talent, and inability to keep up with the technological advancements and evolving threat landscape.
Salvi is of the opinion that the role of CISO has become more defined and dynamic than ever before. “If you think of it as a stage then the spotlight is on the CISO, even though there are many characters, the spotlight is on the CISO. Back in the day, we needed to be heard, and we had to tell everyone that security is important.”
He continued: “All of those were our issues and challenges maybe three or five years back. Today, all those challenges are no longer there because of the way the cybersecurity risks have manifested. You find that it is already the board topic because the spotlight is on the CISO. Now, the new challenge is the challenge to perform and deliver. And you are going to be held accountable for delivery. So, I think the CISO’s role is now moving from trying to influence and create of visibility toward relentless execution and making sure that there has been the right strategy and you have the right execution skills to be able to deliver that strategy. I think that’s how the role is changing at a broader level.”
The study also points out that the top concerns of enterprises are Hackers/Hacktivists (84 percent), low awareness among employees (76 percent), insider threats (75 percent), and corporate espionage (75 percent).
“Even here, cyber espionage from state-back actors takes huge precedence. Corporate espionage is still secondary as many companies are also thinking about the risk of loss of reputation due to indulging in corporate espionage,” Salvi adds.
To combat security threats, over than half of the organizations are focusing on integrated security solutions. Several companies are also following a series of ‘soft’ methods which include training/certifications which is at 61 percent, enablement sessions at 54 percent and creating security awareness among employees at 51 percent.
“As enterprises continue to add new technologies to the business, it is crucial to defend themselves against a sophisticated threat environment,” Salvi said. “We believe a holistic approach to cybersecurity is what it takes to instill digital trust in companies, and this research offers a good understanding of the current cybersecurity landscape. The insights, if applied appropriately can accelerate the cyber defense of enterprises.”