Now, for CEOs to increase their chances of success in applying their cybersecurity strategy, we recommend that they follow the 4Ps:
to) Beginning. Cybersecurity should be on the priority list. The level of investment in this area must be directly proportional to the level of priority it represents for the company. That is, if cybersecurity is in a third level of risk, it must be in a third level of investment. Opening a gap between these factors creates significant risks.
b) Public. Hiring the right people is essential, but let’s consider the budget needs that will ensure a good performance of the area.
c) Priorization. Detecting the operations or essential areas of the company allows to protect “the jewels of the crown”; everything that is crucial for the operation of the business. This prioritization even makes it possible to generate more effective investments.
d) Perception. The closeness between the CISO and the CEO – when actionable metrics are requested, for example – allows us to periodically know the evolution of the state of cybersecurity in the company and locate blind spots that could represent a risk.
The challenges will not stop. Cyber risks advance as technology advances. However, companies must adapt and be prepared for new challenges derived, for example, from the use of hybrid clouds and hybrid work models with diverse devices and networks.
Organizations must have effective strategies that allow them to be preventive and not wait for the attack to defend themselves.
Editor’s note: Fernando Roman is a Partner of Cybersecurity & Privacy Services and Juan Carlos Carrillo placeholder image He is Director of Cybersecurity, Privacy & Forensic Services, both at PwC Mexico. The opinions published in this column belong exclusively to the authors.
See more information about this and other topics in the Opinion channel