EY: home office may be a challenge for most offices

Against the backdrop of mounting threat in an era of disruption, the most forward-thinking cybersecurity functions can be critical agents of change. But this will require organizations to foster new relationships between CISOs, the board and C-suite, and every function of the business.

Based on the findings from this year’s GISS,it is clear that there is now a real opportunity to position cybersecurity at the heart of business transformation and innovation. This will require boards, senior management teams, CISOs and leaders throughout the business to work together to:

1. Establish cybersecurity as a key value enabler in digital transformation — bring cybersecurity into the planning stage of every new initiative. Take advantage of a Security by Design approach to navigate risks in transformation, product or service design at the onset (instead of as an afterthought)

2. Build relationships of trust with every function of the organization — analyze key business processes with cybersecurity teams to understand how they may be impacted by cyber risks and how the cybersecurity team can help enhance the business function around them.

3. Implement governance structures that are fit for purpose —develop a set of key performance indicators and key risk indicators that can be used to communicate a risk-centric view in executive and board reporting. 4. Focus on board engagement — communicate in a language the board can understand; consider a risk quantification program to more effectively communicate cyber risks.5. Evaluate the effectiveness of the cybersecurity function to equip the CISO with new competencies — determine the strengths and weaknesses of the cybersecurity function to understand what the CISO should be equipped with and how