FEATURE: CYBERSECURITY
• Quantify cyber-risk to drive better
informed capital allocation decisions,
enable performance measurement and
frame cyber-risk in the same economic
terms as other enterprise risks
• Evaluate the cyber-risk implications
of new technology as a continual and
forward-looking process throughout the
lifecycle of the technology
• Manage supply chain risk as a collective
issue, recognising the need for trust and
shared security standards across the
entire network, including the company’s
cyber impact on its partners
• Pursue and support public-private
partnerships around critical cyber-risk
issues that can deliver stronger
protections and baseline best practice
standards for all
MANY COMPANIES FOCUS THEIR
CYBER-RISK MANAGEMENT STRATEGY
ON PREVENTION BY INVESTING IN
TECHNOLOGICAL FRONTLINE
CYBER DEFENCES.
New tech increases exposure
Security challenges can manifest whenever
new technology is integrated into business
infrastructure, bringing new and additional
complexity to the company’s technology
footprint. The risks and exposures presented
by new technologies must be weighed
against the potential transformative
business effects and risk tolerance varies
both by industry and by individual company.
Businesses are embracing technological
innovation, and most don’t see cyber-risk as
a barrier. But assessment of new technology
cyber-risk is not as rigorous and continual as
it should be.
The number of Internet connected devices
is estimated to be 75 billion by 2025. As
the world moves closer to an ‘Internet of
Everything’, the amount and variety of
digital assets that are stored, processed and
shared by enterprises rises. Even traditional
sectors such as manufacturing expect almost
50% of the products they develop to be
‘smart’ or ‘connected’ in some way by 2020,
opening up new revenue streams in
data-driven services.
Supply chain risk
In increasingly interdependent digital supply
chains, cyber-risk needs to be a collective
responsibility. In a world of hyper-connected
supply chains, there is a critical need for trust
among partners; a lack of trust risks impeding
business performance and innovation.
The concept of ‘technological social
responsibility’ – the recognition and
acknowledgement by each company of its
role and cybersecurity obligations within the
supply chain – is on the agenda for many
industry leaders.
Every business needs to understand, have
confidence in, and play a role in the integrity
and security of the components and
software of its digital supply chains.
But while many companies recognise the
potential risks their supply chain partners
may pose to their own cyber posture, most
don’t fully appreciate the risk in reverse.
Regulations and legislation
In recent years, regulators globally
have enacted numerous measures to
hold corporations and executives more
directly accountable for ensuring effective
cybersecurity and for keeping customers’
data safe. Many of these regulations and
legal frameworks require a greater degree
of transparency from companies at all levels
of their data handling activities, and in their
cyber-risk management readiness.
According to the survey, government laws
and regulations are less effective in helping
businesses improve their cybersecurity
posture compared to ‘soft’ voluntary
industry standards and guidance.
Cyber investments
Effective cyber-risk management requires
quantitative risk expression.
Although more businesses measure their
cyber-risks economically, there’s a long way
to go for all businesses to embrace this best
practice, and then to apply that quantified
measurement to drive sound cyber-risk
investment decisions. Investments in