As 2024 unfolds, organizational leaders, from the CEO down, have much on their plates. They are contending with diverse challenges around achieving sustained growth, navigating the impact and risks of emerging technology, and attracting and retaining talent, to name just a few. For their part, Chief Information Security Officers (CISOs) are increasingly being viewed as proactive co-stewards of these ongoing business imperatives — not merely the cavalry leader riding in to save the day during a crisis.
Akhilesh Tuteja, Global Cyber Security Leader, KPMG International, said that, to delve further into this, KPMG has released its annual ‘Cybersecurity considerations report’, in which a diverse cross-section of global KPMG cybersecurity specialists explore eight considerations that CISOs and their teams are encouraged to prioritize in the coming year to support the organization’s business growth objectives by mitigating the impact of specific cyber incidents and reducing overall cyber risk exposure. The report emphasizes the importance of leveraging artificial intelligence with a balanced approach to data security.
Eight key cybersecurity considerations for 2024
1. Meet customer expectations, improve trust – With cyber threats and data privacy concerns growing, CISOs should be seeking to work closely with stakeholders across the organization to maintain trust by ensuring operations are resilient in the event of an accident.
2. Embed cybersecurity and privacy, for good – The act of embedding security across the organization should be viewed as an exercise in driving operational excellence.
3. Navigate blurring global boundaries – A central consideration is that organizations should examine how to most effectively navigate the increasingly complex global business landscape to ensure resilience and business continuity.
4. Modernize supply chain security – Despite the challenges and competing priorities, ensuring the supplier and partner ecosystem is secure should not be a bottleneck; it should be a business enabler.
5. Unlock the potential of AI – carefully – Security and privacy leaders should be supporting the business objectives reliant on AI and determine how to harness this game-changing technology effectively and responsibly.
6. Supercharge security with automation – As operating models digitize, security teams should automate and update their processes to keep pace.
7. Make identity individual, not institutional – Driven by expanding business models, it’s vital that organizations now view identity not in isolation but from a broad perspective.
8. Align cybersecurity with organizational resilience – Organizations should find a way to create a broad-ranging culture of resilient security throughout the enterprise and seek to ensure all stakeholders are on the same page.
Cyber strategies for 2024
The following are some recommendations for CISOs to consider as they seek to accelerate recovery times, reduce the impact of incidents on employees, customers, and partners, and aim to ensure their security plans enable — rather than expose — the business.
People
Connect with your organization’s ESG team to determine whether they consider cyber a key aspect of their mandate. If not, work to build awareness of how and why it’s important to all three areas of ESG.
Bring a new perspective to the board on what could disrupt the business and what should be done to manage those risks without impacting operations and customer experience.
Foster organization-wide behaviors and cultural alignment to prioritize what truly matters to the organization in terms of data, services and infrastructure.
Process
Run the cyber team like a business, which means you must give up a degree of control over what other parts of the organization are doing from a security perspective.
Define your initial vision and strategy for automation.
Enhance transparency to build trust across global supply chains.
Take a risk-based approach to assessing third-party processes rather than a blanket approach.
Data and Technology
Identify what data the organization has centrally accessible and define an automated continuous controls monitoring plan.
Ensure the purpose of AI algorithms, whether developed in-house or externally, is clearly defined and documented and training data is relevant, appropriate for the business objective, and secure consent.
Leverage intelligent automation to gain higher visibility into the changing supplier risk profiles and build a sustainable and scalable forward-looking third-party program.
Regulatory
Sharpen your global regulatory intelligence around cyber in general and ESG and privacy in particular to ensure timely compliance and reporting.
Align your AI framework with current standards and develop solid AI governance by aligning the priorities of the various business leaders in the organization.
Maintain an understanding of the global regulatory landscape.