Cyber executives may not be sufficiently prioritising threats from vulnerabilities within the value chain, beyond the immediate boundaries of their own organisations, finds the Risk & Cybersecurity Study by Tata Consultancy Services (TCS).
When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, ecosystem partners came in last place (10th).
At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS’ survey shows that only 16% of chief risk officers (CROs) and chief information security officers (CISOs) ranked digital ecosystems as a concern when assessing expected cyber targets, and only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions.
“Companies across the globe are increasingly turning to digital ecosystems of partners, vendors, and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently,” says Santha Subramoni, global head: cybersecurity at TCS. “One way of reducing the probability of an attack within digital supply chains is to implement a ‘zero trust’ policy—a framework based on the principle of ‘never trust, always verify,’ applied not only to humans but also machines.”
When mapping out priorities between now and 2025, CISOs rank governance, strategy, and talent acquisition highly. Ranking highest is the prioritisation of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.
TCS’ study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organizations were found to have a slight advantage in retaining and recruiting talent with the notoriously hard-to-find cyber skills, compared to those companies who think that on-premises or traditional data center security is preferable to what is available via the cloud. In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber risk and security skills.
“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” says Bob Scalise, managing partner: risk and cyber strategy at TCS. “Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding, and process changes will be vital to recruiting and retaining top talent.”
Among other findings, the study also highlights:
- Some corporate boards may not be sufficiently focused on cyber risks – One in six respondents reported that their corporate board of directors considers issues related to cyber risk and security only “occasionally, as necessary, or never.” Companies with higher-than-average revenue and profit growth are more likely to discuss cybersecurity at every board meeting.
- Cloud platforms are considered more secure than on-premises and traditional data centres – Sixty-two percent of companies are now as or more comfortable with the security provided by cloud platforms than that of on-premises and traditional data centers – suggesting that the common concern about the cloud in its early days is fading.