security system

If protection starts with perception, how do you see cybersecurity?

Authors

Roman Haltinner

Partner, Cybersecurity Competency Leader | EY Switzerland
Maria Pisà

Partner, Cybersecurity and Digital Compliance | EY Switzerland

5 minute read 27 Oct 2022

Related topics

We believe the board should focus on cybersecurity – to truly understand why security by design is so important.

In brief

Cyber security is a real business risk – not just an IT topic.
A high level of board awareness and commitment to cybersecurity is essential.
It’s no longer realistic – or appropriate – to expect 100% protection, but security by design can minimize risk.

The disruption of recent years has affected most companies in one way or another. Digitalization has become an integral part of society, business and industry and is increasingly permeating its way into all aspects of our lives. While many have welcomed the recent boost to digitalization, the speed of change also came at a heavy price for some. Security vulnerabilities increased in volume and complexity during the pandemic – and continue to threaten the business today. We believe that it’s time for a more tangible take on protection.

Millions of devices can now receive and transmit information in real time from anywhere via the internet. The fusion of traditional IT with operational technology also enables companies to process and analyze critical and relevant data of all business processes in real time to make the right decisions based on facts. The increasing use of information technology provides companies with significant competitive advantages; but business processes, reputations and costs can be negatively impacted by poorly secured IT systems.

Growing threat

Percentage of EY GISS participants reporting an increase in disruptive attacks

According to EY’s 2021 Global Information Security Survey, more than half (55%) of respondents say cybersecurity is coming under more scrutiny today than at any other point in their careers. At the same time, more than three in four (77%) warn that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months.

Cybersecurity in the age of geopolitical crises and global uncertainties

With cybersecurity attacks increasing both in volume and intensity, varied bad actors entering the fray, and boaed-level engagement increasing, cyber threats were installed as a main concern for all organizations. Find out more in our latest brochure.

Against this background, it’s no wonder that the C-suite is turning its attention to cybersecurity. Ideally, the board should have a dedicated security leader, but even then it’s vital for all members of the executive team to understand cyber risk in the wider business context. Only then can business leaders make well-informed business decisions, including on investments, that are based on business-relevant priorities. This also relies on a shift in mindset – from compliance to a fully integrated security concept. In other words, the board needs to embrace security by design.

Rather than avoiding risk altogether, security by design is about enabling trust in people, process and technology so that organizations can manage those risks, lead transformational change and innovate with confidence. Done right, security by design infuses cybersecurity and business resilience into every part of every client’s organization and ecosystem. It means organizations achieve maximum benefit from their cybersecurity and resilience investments and infrastructure, while minimizing risk.

Everyone knows that cybersecurity is important. And it’s not an IT problem – it’s a real-world business risk. So it’s crucial to create top-level awareness within the company. With this in mind, EY created a cyber escape room challenge to make cyber risk tangible for our clients’ business executives. The gamified approach addresses aspects such as password management, physical and logical security and social engineering. The cyber escape room participants have to “hack” themselves out of the room by solving multiple cybersecurity related puzzles and challenges. By using gamification, the participants are reminded of the golden cybersecurity rules. The new understanding and awareness gained is enhanced by EY’s up-to-date overview of current cybersecurity risks and corresponding best practices.

Regardless of industry, all companies stand to benefit from security by design. From finance and pharmaceuticals to recruitment to retail, a trusted and demonstrable security posture is a key factor in attracting new customers and improving loyalty. This is even true when things go wrong. It is often assumed that a security breach will result in negative publicity and a loss of customer trust, followed by a soaring churn rate or lack of new customers. We observe that a well-managed security breach can actually increase brand value.

Expectation

Gone are the days where cybersecurity can – or needs to be – 100% effective.

Cybersecurity – immersive simulations

In today’s complex business landscape, disruptions are inevitable. Equip your board, leaders, and teams with our resilience solutions — featuring immersive simulations — to navigate future challenges, safeguard operations, enhance your reputation and safeguard your financial stability.
Read more
Cybersecurity Transformation

Discover how EY's Cybersecurity Transformation solution can help your organization design, deliver, and maintain cybersecurity programs.
Read more

In today’s environment, security will never be 100% effective, and society is beginning to accept this and respond positively to a security breach if it is handled in the right way. That means taking swift action, committing to full transparency and communicating clearly to customers and the public. Including details of mitigation plans bolsters trust and shows what the organization is doing to prevent and minimize damage. Ultimately, an organization can emerge from a security crisis not with long-term damage but with renewed recognition for values such as transparency, agility and resilience.

Business leaders need to see the importance of cybersecurity for the whole organization. This starts by demystifying the issue at board level. Cybersecurity has never been more relevant – but it needs to be more tangible. When business leaders truly understand risk, the whole organization benefits from an awareness that reduces risk to an acceptable level.

Summary

With the right perspective, cybersecurity makes a decisive contribution to the success of a company and helps protect the business from potentially costly cyber risks.

Acknowledgements

We thank Eliel Mulumba and Semina Hajradinovic for their valuable contribution to this article.

About this article

Authors

Roman Haltinner

Partner, Cybersecurity Competency Leader | EY Switzerland
Maria Pisà

Partner, Cybersecurity and Digital Compliance | EY Switzerland

Related articles

Six New Year resolutions for financial services CISOs

What should be the priorities for financial services cybersecurity teams in 2022?

Tom Schmidt

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Limited, each of which is a separate legal entity. Ernst & Young Limited is a Swiss company with registered seats in Switzerland providing services to clients in Switzerland.