Why corporates should recruit a CISO to the board

Companies across the globe could incur US$5.2 trillion, or NZ$8 trillion, in additional costs and lost revenue over the next five years due to cyberattacks, according to a new report from Accenture.

The heightened risk comes as dependency of firms on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets, the report states. 

Based on a survey of more than 1700 CEOs and other C-suite executives around the globe, the report —Securing the Digital Economy: Reinventing the Internet for Trust  - notes that cybercrime from a wide range of malicious activities poses significant challenges that can threaten business operations, innovation and growth, and the expansion into new products and services, ultimately costing companies trillions of dollars. 

The rapid emergence of new technologies is creating additional challenges, as four in five respondents (79 per cent) admit that their organisation is adopting new and emerging technologies faster than they can address related cybersecurity issues. 

Meanwhile, three-quarters (76 percent) note that cybersecurity issues have escaped their control due to new technologies such as the internet of things (IoT) and the industrial internet of things (IIoT). 

Majority of the respondents (75 per cent) believe addressing cybersecurity challenges will need an organised group effort, as no single organisation can solve the challenge on its own. 

Collective leadership

The report calls on CEOs to collaborate with other top executives and also, where possible, with governments and regulators.

Many companies are discovering first-hand that they can’t address internet security alone, it says.

Executives can also commit to sharing information around cyber attacks, thus helping reduce the stigma around these.

“When a company is willing to acknowledge an attack, it paves the way for more transparent work with other organisations and experts, improving their ability to resist new attacks and boosting data reliability,” reports Accenture.

Another recommendation is for corporates to bring the expertise of CISOs (chief information security officers) to the board. This will help ensure security is built-in from the initial design stage and that all business managers are held responsible for security and data privacy. 

This happened to the CIO role some two decades ago when the IT function left the back office to become the nervous system of the business. “Chief information security officers today can follow a similar evolutionary path,” the report states.

“Recruiting a CISO or former CISO to the board provides the opportunity to educate fellow board members, helping them become more cyber savvy and better risk managers. The CISO would gain a deeper perspective on the organisation.

“As a result, the CISO could increasingly articulate how cyber risks are linked with other risks, and inform the business leaders’ strategic decisions.

“Their area of responsibility has become too important to be confined to a single department or buried deep in the CIO organisation,” the report stresses.

Accenture says a US bank has already brought a retired CISO to the board, forging a path for others to follow.

“Managing cybersecurity doesn’t mean simply avoiding software problems. It means ensuring the resilience of the entire business.”

Justin Gray, country managing director, Accenture New Zealand, sums up the report’s implications for Kiwi businesses.

“With the threat of cybercrime rising and types of attacks maturing, businesses across all industries in New Zealand must take heed of this research,” says Gray. 

“We require cross-industry collaboration and leadership to tackle these cyber security concerns, to ultimately unlock the opportunities technology offers New Zealand as part of the global economy.”

Get the latest on digital transformation: Sign up for  CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz

Send news tips and comments to divina_paredes@idg.co.nz @divinap