The Leadership Agenda

CISOs should rewrite the playbook for cyber breaches

As threats become more interconnected, incidents are getting costlier and more frequent, according to a new PwC survey. A systemic response rests on five key actions.

Major cyber breaches—those costing the victimised company more than US$1 million—were up by a third over the past year, according to the findings from PwC’s latest Global Digital Trust Insights survey. What’s behind the alarming trend? One factor is the increasing interconnectedness of cyber risks.

Consider cloud-related threats, which survey respondents deemed their top concern. What might begin as a single cloud breach can quickly evolve into a persistent and multipronged infiltration, with intruders working from within company systems to extract data and leak it, for example, or launch a ransomware attack.

CISOs and their leadership teams need to respond to these growing threats imaginatively, and with a determination to break through silos. The survey zeroes in on five potential ways to do this.

  • Try new ways of managing cyber risk. Use more sophisticated approaches to cyber-risk modelling, such as threat scanning driven by risk models tailored to your company’s sector, vision and strategy rather than generic checklists. Try creating a risk-linked performance incentive for bonus-eligible employees, or introducing a bug bounty programme that rewards independent security research. Also introduce a cloud-based, centrally managed identity solution, so that authentication policy is enforced consistently and access can be granted and revoked from one place as your business expands and the number of users grows.
  • Use gen AI and managed services to free your teams. Liberating your employees from tedious tasks that can be handled by AI—with the appropriate guardrails in place—and by managed services partnerships can give your people the time and space to ponder new ways to thwart cyber threats.
  • Welcome cyber into the boardroom. Making cyber risks and controls a staple topic in the boardroom can help give CISOs a voice in how cybersecurity fits into major strategic initiatives and how it furthers business and revenue growth.
  • Frame cybersecurity as more than defensive. Describing cybersecurity as a whole-of-business endeavour is a central part of the CISO’s job nowadays, but still, it can’t be said enough: securing the company against threats—to financial records, to proprietary research, to customer data, to the brand itself—is more than playing defence. The innovations engendered by these efforts can save money and help the business grow.
  • Speak a new language. CISOs should talk to customers, investors and business partners in annual security reports in ways that inform and engage. Using common vocabularies—and avoiding insider terminology—can help executives wrestle with the trade-offs, tensions and chaos that happen at the epicentre of innovation.

Explore the full findings of PwC’s 2024 Global Digital Trust Insights.

Contact us

Sean Joyce

Partner, Global Cybersecurity and Privacy Leader, Risk Services leader, PwC US