Johannesburg, 25 Oct 2016
A fundamental shift is occurring in the management of cyber risk. The idea that cyber attacks are increasingly likely - and perhaps inevitable - is beginning to take hold among executives and boards.
Business leaders are realising that we have interconnected our world mostly using technologies designed for sharing information, not protecting it. They recognise that they have to trust people - their own employees and the third-parties they do business with - to handle sensitive information and operate critical infrastructure.
And more and more they see that the intimate connection between their strategic agenda and the creation of cyber risk makes it infeasible for them to lock everything down and always put security first.
As a result, many companies are beginning to adopt what Deloitte calls a Secure. Vigilant. Resilient. approach1 to cyber risk, which appropriately balances investments in cyber security with efforts to develop better threat visibility, and the ability to respond more rapidly and more effectively in the event of a cyber incident.
In order to prioritise properly, companies should understand the types of cyber risk they face and be able to gauge their relative likelihood. And just as important, they need to understand the business impacts those risks are likely to involve.
Share