Why CIOs are Embracing Enterprise Risk Management to Improve Cyber security

Forward-thinking CIOs are not only delivering a clear picture of current risks and readiness, they are also emphasizing the importance of understanding cybersecurity as an enterprise-wide business risk issue. They are taking the lead by explaining why cyberthreats are among the most significant business risks facing their organizations, and how cybersecurity incidents can result in potentially crippling financial, legal, and reputational consequences.

Given the complexity of today’s evolving threats and the technologies and processes used to combat them, that’s not an easy message to formulate. In fact, educating corporate leaders about the importance of cybersecurity risk readiness and well-rehearsed response processes is a challenge for many CIOs.

That’s one reason why PwC developed a role-playing simulation called Game of Threats. The game simulates a realistic data breach scenario that allows executives to see how a cyberattack plays out, from the perspective of both the hacker and the company under attack. The role-playing game helps executives understand the consequences and nuances of breach responses, as well as the importance of ensuring that the necessary cybersecurity resources are available and properly used.

Another way that CIOs are advancing their cybersecurity programs is by adopting new technologies and architectures that can deliver powerful security, privacy, and compliance protection. In particular, forward-leaning CIOs are embracing cloud-based cybersecurity services. In The Global State of Information Security Survey 2015, PwC found that 22 percent of respondents who use cloud computing said they leverage the cloud for security services, in addition to traditional deployments like file storage and hosting of data and applications.

These CIOs are in the vanguard of what PwC sees as a powerful new approach to cybersecurity. In recent years, cloud providers have invested in cutting-edge tools for data protection, threat defense, network security, and identity and access management. More importantly, they also have added infrastructure capabilities that enable them to improve intelligence gathering and threat modeling, better block attacks, enhance collaboration and collective learning, accelerate incident responses, and create secure communications channels.

These capabilities can help CIOs address security threats that arise as more businesses share more data that are sensitive with third-party contractors, suppliers, and partners. To do so, cloud-based cybersecurity services can create an infrastructure that provides third parties with appropriate access to the systems and data they need—without giving them credentials to the corporate network.

Cloud advantages are augmented by the scalability of the underlying architecture, which allows service providers to deliver access to considerably more information security technology than most organizations could afford on their own. Cloud-based security can also significantly reduce the need to purchase, maintain, and enhance technology infrastructure and hire support personnel, enabling companies to address cybersecurity fundamentals at a lower cost.

One thing seems certain: Sophisticated and increasingly damaging cyberattacks are the new normal, and there is no going back. Farsighted CIOs are taking the lead in implementing an adaptive cybersecurity strategy that is based on the fundamentals of Enterprise Risk Management and empowered by technology breakthroughs like cloud-based security. That’s a strategic approach that is likely to define the nature of cyber-risks and responses in the coming decade.