BDO’s cybersecurity guidelines: top ten challenges faced by the C-suite
14 October 2019
Original content provided by BDO
Facts & Figures
- By 2021 cybercrime will cost $6 trillion globally
- Average cost of a cyber data breach is now $7.5 million
- Average cost of cyber liability insurance coverage has increased by 30% each year
- With the growing popularity of the Internet of Things (IoT), there has been a 600% increase in the number of cyber-attacks on IoT-connected devices in the past year
- As a result, the cybersecurity marketplace has grown to a $100 billion industry
- Email scams are on the rise: phishing remains one of the most widely used attack techniques
C-suite executives are struggling to determine the right strategy and investments to secure their vital data assets, ensure business operations meet evolving regulatory compliance requirements, and reduce the impact of data breach litigation. The best practice for addressing each of these concerns is to implement a threat-based cybersecurity programme: one that safeguards against the threats an organisation is most likely to face by weighing its internal vulnerabilities against the evolving external threat environment.
Based upon our experience with hundreds of companies worldwide, across all industries, the following questions capture the most significant cybersecurity and data privacy challenges faced by the C-suite.
Top ten challenges for the C-suite:
- What are the best methods and tools to identify, track and maintain all data/ information assets with appropriate information governance, data mapping and cybersecurity?
- How can you efficiently and cost-effectively verify identities and control information access?
- What are the best tools and practices to ensure compliance of third parties and supply chain partners with evolving cybersecurity and data privacy regulatory requirements in your country and internationally?
- What is the best method to effectively deliver timely cybersecurity and data privacy education and training?
- Should you invest in acquiring new information security hardware, software and staff to enhance cybersecurity, or is it better to outsource to a proven managed security services provider (MSSP)?
- Who should you turn to for advice after a major cyber data breach occurs within your organisation?
- What actions should you take to ensure your organisation is compliant with all the current regulatory requirements for your industry and geographic location, as well as customer contractual requirements?
- What proactive actions can you take to mitigate insider threats and fraud?
- What is the best approach to ensure your organisation has developed an appropriate business continuity plan (BCP)?
- How much cyber liability insurance coverage is sufficient?
BDO recommends a threat-based cybersecurity approach to combat cyber-attacks and mitigate costly cyber data breaches. Such a threat-based cybersecurity approach is forward-looking and analyses a company’s unique threat profile to identify possible risk areas. A number of proactive steps can be taken:
Top ten guidelines for improved business results
- Hire an independent firm to conduct advanced diagnostics, such as email threat assessment, vulnerability assessment, spear-phishing test campaign, etc.
- Hire a dedicated Chief Information Security Officer (CISO) or Data Protection Officer (DPO) who reports to the CEO or General Counsel, to develop a sound cybersecurity and data privacy risk management programme
- Encrypt sensitive data at rest and in transit, and require multi-factor authentication for access to systems and data
- Provide timely and effective cybersecurity education and training programmes for the entire organisation
- Implement a timely and effective software security patch management programme
- Ensure the organisation has developed and implemented a robust information governance programme to map, track and secure all data assets
- Review and periodically test the organisation’s Incident Response Plan
- Review and periodically test the organisation’s Business Continuity Plan and Disaster Recovery Plan
- Conduct or outsource 24/7/365 managed detection and response (MDR) covering the organisation’s information systems and networks, supported by machine learning and AI-based analytics
- Verify the compliance of the organisation and all supply chain partners with all cybersecurity and data privacy regulatory requirements by using independent compliance and risk assessments.
Organisations may not realise how valuable a cybersecurity strategy is until a breach occurs. BDO wants to make sure your organisation never faces that situation. BDO professionals are available to provide guidance and specialised resources on any cybersecurity issue.