PwC: Cyber security industry 'in freefall'

Despite the growing threat of cyber attack, business and government continue to ignore the risks, allowing attackers to exploit myriad opportunities, warns PwC.

The risk consultancy is calling on business and government leaders to take ultimate responsibility for cyber security and to collaborate more closely to address this most pressing threat.

“The cyber security industry is in freefall,” explained William Beer, a director in PwC’s cyber and information security practice. “Operating securely in the cyber environment is among the most urgent issues facing business and government leaders today. But many organisations have a long way to go if they are to combat the incredible resourcefulness and ability of the attackers. The criminals are nimble and quick on their feet, and this is a fast-paced battle. Despite the growing threat, leaders continue to focus on exploiting the opportunities of cyber and are ignoring the risks.
  
“Cyber security is no longer only in the realm of the CISO or the head of IT; it is up to senior leaders to put this at the top of their agenda and collaborate more closely with other organisations. Public-private organisations, industry bodies and regulators all have a role to play. The message is clear - no organisation in any sector is safe.” 

Ed Gibson, a director in PwC's US forensics practice and a former FBI Special Agent and chief cyber security advisor for Microsoft, UK, added, “We have seen a shift in the last couple of years. Organisations are facing advanced persistent threats and attacks, the scale and nature of which are unprecedented. Hackers used to be the prime source but now we are seeing large groups of highly organised criminals and even countries, sometimes using hackers as part of their operations. 

“The axiom ‘information is power’ has gained even deeper resonance. With so much more data to store, access and analyse, companies know that information is now a greater source of power than ever - but only if it is secure.”

Beer has outlined six key steps that organisations can take to make themselves 'cyber ready':

1. Clarify roles and responsibilities 

The CEO needs to come to terms with the threats from the internet. This will help the organisation to understand the opportunities and realise them securely and sustainably through effective security.

2. Reassess the security function’s fitness and readiness for the cyber world 

Organisations already have IT security functions that may be doing a good job in protecting against traditional threats. But as new risks emerge, the focus needs to be on upgrading or transforming the existing capabilities to ensure that the organisation’s responses to its security needs fully encompass cyber security.

3. Achieve 360-degree situational awareness 

To align their security function and priorities as closely as possible with the realities of the cyber world, organisations need a clear understanding of the current and emerging cyber environment. This demands situational awareness, which is a prerequisite for well-informed decisions on cyber security actions and processes.

4. Create a cyber incident response team

Traditional organisational structures may have the unintended effect of hampering the quick and decisive responses needed in the cyber environment. Many organisations will already have an incident response team but the speed and unpredictability of cyber threats mean this may need to be adapted and streamlined. A well-functioning cyber incident response team means an incident spotted anywhere in the business will be tracked, risk-assessed and escalated. 

5. Nurture and share skills 

Any organisation needs to invest in cyber skills. However, these are in short supply. Given the restricted supply of cyber-savvy talent, it is up to employers to find new ways of inspiring those with the skills and desire to keep their businesses safe. Some organisations may even want to consider more radical approaches, such as putting younger employees on a board committee focused on cyber security. 

6. Take a more active and transparent stance towards threats 

The unpredictable and high-profile nature of cyber threats tends to engender a defensive mindset. But a number of savvy organisations are now getting onto the front foot by adopting a more active stance towards attackers, pursuing them more actively through legal means, and communicating more publicly about their cyber threats, incidents and responses. By taking a more active stance, the organisation can show that it takes attacks seriously and will strive to bring offenders to justice. 
