Cybersecurity: How do you rise above the waves of a perfect storm?

In brief

  • Cybersecurity is under pressure: 81% of execs say that COVID-19 forced organizations to bypass cybersecurity processes.
  • Three challenges stand out: insufficient budgets, regulation complexity, and strained relationships with the business.
  • If CISOs can readdress shortcomings with a security-by-design approach, they will become enablers of growth in the rebound era.

The EY Global Information Security Survey 2021 (GISS) illustrates the devastating and disproportionate impact that the COVID-19 crisis has had on a function that is striving to position itself as an enabler of growth and a strategic partner to the business.

Through a global survey of more than 1,000 senior cybersecurity leaders, we find CISOs and security leaders grappling with inadequate budgets, struggling with regulatory fragmentation, and failing to find common ground with the functions that need them the most.

Indeed, the upheaval of the global pandemic has created a perfect storm of conditions in which threat agents can act. Since the 2020 GISS report, there has been a significant rise in the number of disruptive and sophisticated attacks, many of which could have been avoided had companies embedded security by design throughout the business.

The CISO’s relationship with the business is also under more stress than before, and the fallout is greater exposure to cyber risk. On top of that, budget restrictions mean CISOs are struggling to bridge the gap between need and funding.

The situation is likely to get worse before it gets better. Organizations want to invest in technology and innovation for the post-COVID-19 era, and they need to ensure resilience for the next major disruption, but many have yet to address the deferred risks and potential vulnerabilities that were introduced during their transformation efforts at the height of the pandemic.

CISOs are at a crossroads. To contend with the complex and draining issues they face, they must act fast. The chapters below outline what cybersecurity leaders need to know now about their current operating environment and what they need to do to transform it.