As a chief information security officer (CISO), your role is expanding significantly as enterprise risk priorities and threats grow more complex and widespread. Cyber strategy, governance, reporting and risk management practices now face heightened scrutiny from regulators, with the potential for continuous oversight as the political landscape shifts. As cybersecurity becomes increasingly intertwined with the adoption of emerging technologies, you will need to defend against a wide array of threats targeting diverse entry points and attack surfaces across your enterprise. To stay ahead, take an agile and collaborative approach, integrating resilience and security by design to support innovation, transformation and growth while keeping stakeholders informed on the latest risks.
Risk executives, including CISOs, are no strangers to uncertainty, but they’re now in uncharted waters. Nearly 90% say new risks, regulations and talent challenges are barriers to their goals, finds PwC’s October 2024 Pulse Survey. The US election has added more pressure, with most expecting a rise in litigation, regulations and executive orders.
90% of risk leaders say complying with new legislation and regulations is a challenge to achieving their priorities
Source: PwC Pulse Survey, October 2024
Rising technology, cloud and information security risks from third-party vendor relationships and supply chains are testing the resilience of many companies. Threat actors are looking to disrupt operations and gain access to businesses through multiple back doors. Staying secure requires continuous vigilance and a holistic approach across people, processes and technology. Organizations prioritizing resilience regularly assess gaps to improve strategies.
CISOs can lead resilience-building efforts by proactively assessing risks and scenario planning, guiding investments to address those risks, implementing training and running simulations and tabletop exercises. This is also an opportunity to align resilience plans with business strategy. Translating how strong enterprise resilience practices can benefit the business is just as important as the plan itself — and may lead to more integrated, collaborative approaches.
Managing tech risk needs enterprise-wide coordination — leaders must collaborate across silos to identify and mitigate vulnerabilities.
Implement cloud transformation strategies for your company while navigating risk and compliance implications.
Four things you need to know about the new dangers of ransomware and what you can do to defend yourself.
Rethink contingency planning to help identify, prepare and prevent events that may disrupt your business activities.
Only 2% of executives have implemented cyber resilience actions across 12 areas surveyed
As a CISO, you’re expected to lead the C-suite on cyber risk management and resilience implementation. Yet CISO involvement in business activities impacted by cybersecurity is still falling short. This disconnect could factor into gaps in readiness and adequate investment to address vulnerabilities and threats. Only 21% of executives usually allocate cyber budget to the top risks to the organization.
To gain executive buy-in, consistently measure and quantify risk in a way that resonates with your C-suite and stakeholders, communicate risks from a business perspective, and demonstrate the direct impact a robust cybersecurity plan can have on your company’s growth trajectory and overall risk profile.
Tune into the podcast and explore the importance of cybersecurity in the C-suite and how CISOs are evolving beyond their traditional roles.
Learn why cyber resilience is crucial with expanding attack surfaces and shifting regulations in PwC's latest survey.
Find out how to create measurable outcomes and value through digital transformation.
Quantifying the financial risks of different cyber threats can increase the bang for the cyber buck: it enables you to direct resources to the greatest risks.
Less than 50% of CISOs say they are involved to a large extent in strategic planning on cyber investments
The SEC’s cyber disclosure rule prompted organizations to increase the transparency of their enterprise cyber risk management and governance practices to shareholders and customers. This is part of a broader effort from multiple agencies and regulatory bodies to instill trust. The Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and the New York State Department of Financial Services (NYSDFS) finalized edits to its Part 500 cybersecurity regulation. Navigating these newer reporting standards can be even more complex given the constraints of interagency harmonization.
What can you do now? Work with risk and business peers to simplify and contextualize your current cyber posture so non-technical stakeholders understand the company’s cyber risk profile. With this understanding, you can collectively deliver more complete, accurate and defensible reporting to regulators.
What companies reported, what it means (so far) and next steps: what can these Form 10-K filings tell us about cybersecurity disclosures?
Discover the implications of proposed updates to CIRCIA and its requirements on covered entities.
Learn more on the new post-quantum cryptography standards — and how organizations must integrate these algorithms to protect against future quantum threats.
13-point gap in confidence between CISOs/chief security officers and CEOs regarding compliance with AI and resilience regulations
Are your cyber risk management capabilities fully aligned to the needs of the business? Advancements in emerging technologies like artificial intelligence and quantum computing, along with an increasingly complex cloud ecosystem, are challenging the status quo. Given the growing demands and regulatory focus, boards are more involved in overseeing cyber risk. CISOs need agile cyber risk management, quantification and governance measures to keep them educated and informed.
To effectively communicate cyber risks as business risks, adopt leading cybersecurity frameworks — such as those published by the National Institute of Standards and Technology (NIST) — and cyber risk quantification practices. These frameworks and quantification methods can help you assess and spotlight priority risks to the board. Armed with these insights, boards can ask the right questions and support you on cyber risk management actions.
Cyber risk is an enterprise-wide issue — find out why companies need to build resiliency to address the threat of a breach.
Is your organization ready for a post-quantum world? Learn the steps to take to adopt quantum-resistant tech, and more.
Learn how organizations can cut costs and improve quality by reimagining risk management and compliance programs.
What do risk leaders need to know to harness trusted generative artificial intelligence? Hint, it starts with governance.
86% of executives quantify cyber risk to demonstrate the cyber risk management program’s value
Data is the engine for business innovation, transformation and growth. Advances in generative AI (GenAI) have unlocked the potential for faster insights, lifting barriers to scalable analysis through automation and operational enhancements. To seize this transformative upside, data quality, security and governance are imperative to mitigate accuracy, privacy and trust risks. Companies proactively investing in tools and practices to better manage and safeguard their data are a step ahead.
Align with your data leaders to reassess your data governance protocols and priorities. Focus on identifying critical data elements and where they are stored, and verify that controls are in place for data quality and security. This is an opportunity to drill down on data accuracy and on possible exposure or loss that could compromise customer trust and regulatory compliance.
Generative AI's rapid integration into life and business poses profound risks. Learn more in our playbook for risk executives.
Learn why AI governance matters and the key elements for risk, compliance, legal and security leaders.
While companies use vast amounts of data, find out why it's key to mitigate the risk that comes with new opportunities by protecting data privacy.
48% of business executives prioritize data protection and data trust as the top cyber investment over the next year — ahead of tech modernization and optimization