Cyber Risks are top threats to growth in 2022

09/03/22

Views from Chief Information Officer (CIO) and Chief Security Officer (CSO)

I recently attended a board meeting where the Chief Information Officer (CIO) and Chief Security Officer (CSO) led wide-ranging discussions about digital transformation projects and security safeguards to protect the company’s data and to fortify its systems against breaches.

The board encouraged heightened investment and vigilance, then moved on to its next item on the agenda - a financial committee presentation leading to a board vote on the acquisition of a company. 

To the surprise of the CIO and CSO, who were still in the room, there were no further discussions on cybersecurity, even though the acquiree was operating in a region where cyber breaches and criminal hacking were endemic. 

The board did not connect the dots between the two items on the agenda. Their view on cybersecurity was more focused on risk dashboards and surveillance than on the security implications of business decisions. We’ve seen many variations of this situation over the years.

Simply put, far too many boards and CEOs see cybersecurity as a set of technical initiatives and edicts that are the domain of the CIO, CSO and other technical practitioners.

The “So What?” of getting cybersecurity right needs to be demystified so that it’s part of the broader corporate agenda and not given short shrift because of top-line pressures.

Connecting cyber risks to the decision-making process

At a strategic level, CEOs should incorporate their commitment to cybersecurity into decision-making processes. For example, many organisations might consider cybersecurity risks as part of an M&A review, but how many of them would walk away from a deal because the acquired company would introduce such a risk?

And how many companies would delay a product launch until key cyber vulnerabilities are fixed? How many would question whether entering a new market would open the company to new and potentially devastating cyber-threats?

Technological change is happening faster than the institutional capacity to adapt to it. Therefore, CEOs must create a culture in which companies move fast, but with a commitment to managing risk.

Given this rapid technological evolution, leaders who are serious about the sustainable growth of their business should weave cybersecurity objectives into their business priorities in a simpler manner, to promote strategic dialogue between the board, the CEO and the rest of the C-suite.

Questions that can help catalyse this conversation

  • How does cyber risk affect your business model’s attractiveness, and does that suggest the need for a “simplification agenda”? 

  • How transparent are the cyber risks and trade-offs associated with your external partnerships, and what would be the pros and cons of simplifying your ecosystem to make them more manageable? 

  • How risky are your IT-enabled legacy processes, and how should you prioritise investments to secure, simplify and transform them to achieve a competitive advantage?

Leadership teams who grapple with questions like these embrace simplicity to boost the odds of making the entire enterprise securable.

 

Vikas Sharma - PwC Mauritius
About Vikas Sharma

Vikas is a Partner at PwC Mauritius and leads the Cybersecurity & Privacy and digital practice. He has more than 18 years of experience working in Financial Services, Retail, Hospitality, Telecommunication and Public Sector. He is passionate about the success of his clients, while demonstrating ongoing leadership and commitment to excellence.
