Cybersecurity is top of mind for many CEOs as business paradigms shift

June 21, 2021
Organizations have willingly shifted to digital and virtual operations, which means more data and more potential attack vectors

The world has shifted to a digital-centric model, with many operations now remote, distanced, and online. The pandemic was a huge catalyst for this, as many businesses scrambled to deal with the change in tides. The digital transformation happened at alarming rates, and for many organizations, it meant adopting completely new paradigms.

This major event and those new paradigms are precisely the reason why cybersecurity has become a top concern. Admittedly, it’s always been a priority or should have been, but with more experiences, tools, and interactions happening in a virtual space, it opens up many new vulnerabilities for the average operation.

According to KPMG’s 2021 CEO Outlook Survey, nearly half (45%) of influential business leaders expect normality to resume in 2022, with one-third (31%) anticipating a return sometime in 2021. Most importantly, about 24% of those leaders say their business has changed forever.

We’re not going back to the way we were before the pandemic, at least not entirely. Many businesses will instead offer a hybrid employee experience, with some employees working on-site and others remaining remote. To do this, digital solutions are key, which presents a unique security challenge.

Cybersecurity is on the minds of every CEO and executive right now. Here’s why.

Data Is Vulnerable

Data has become the lifeblood of so many businesses and operations. Yet, as soon as it’s created, it’s vulnerable. Even with encryption, which is a must in today’s market, data streams can still be accessed and used for nefarious means. The average cost of a data breach to companies worldwide is $3.86 million currently.

To shore up data protection, whether it’s being transmitted, processed, or stored, strong and reliable cybersecurity measures must be in place. What’s more, the appropriate data governance and safety protocols must be followed as well. One example is establishing a verification system that prevents unauthorized users from accessing sensitive data stores.

Network segmentation is another promising method for disrupting would-be attackers by separating some of the more sensitive and mission-critical network connections from those that are open. Internal communications don’t need to be forward-facing and visible outside of the network, for any reason.

In short, data must be protected, and cybersecurity solutions are the only way to make it happen and slow down would-be hackers.

Digital Is King

KPMG also found that about 74% of surveyed business leaders report that operational digitization has accelerated by months, up from 50% in August 2020. Many more companies are investing not only in digital solutions but also virtual-focused experiences and opportunities across the board, including for workers and personnel. The digital world is now King.

As we’ve already established, data is vulnerable, and this shift towards virtual experiences means data will be generated at even faster rates. Cybersecurity is imperative for keeping that information and those digital assets safe, protected, and valuable.

In the KPMG survey, many CEOs identified cybersecurity risks to their company as the number one risk, out of the top three. Regulatory and tax risk are tied for second place, while supply chain risk sits firmly in third place.

Compliance Is Vital

To uphold compliance and security, many laws have been passed to protect not just businesses from cybersecurity attacks, but also the general public. This is especially true in the medical industry, where organizations work with and handle incredibly sensitive patient documents and information.

It makes sense that this would accelerate even more, along with the widespread adoption of remote and digital technologies. Many federal agencies are exploring new concepts and potential regulations for protecting and locking down related systems.

The Department of Defense, for example, recently announced a new program called the Cybersecurity Maturity Model Certification (CMMC). The program is a framework and supplement to the agency's previous DFARS requirements, which were passed in 2017.

The goal of the new program is to establish a review and auditing system to ensure compliance with its previous regulations.

It’s not the only new program or regulatory movement we will see in the coming days. It makes sense to get on the right side of those regulations if only to adhere to security requirements.

Attacks Are Rampant

Although cybersecurity attacks have risen during the pandemic, only 51% of technology professionals and leaders believe their teams are ready to detect them and respond accordingly. Furthermore, only 59% say their teams have the appropriate tools and resources to do their jobs effectively.

As organizations make aggressive changes to their operations, prioritizing digital and virtual experiences, they need to mind the security pitfalls. But this does not appear to be happening. Again, attacks are becoming more prevalent, including malware, spyware, ransomware, and viruses.

WannaCry, from 2017, infected over 200,000 computers in 150 countries in just a matter of days. It was so effective because people had not updated their Windows machines to the latest version, which would have patched the exploit. It’s a rather silly mistake and one that would have been easy to prevent.

But we still see this kind of negligence all the time, which is unfortunate and needs to change.

It’s Time to Take Cybersecurity Seriously

One major point can be taken away from all of this, and it’s that cybersecurity should be made a priority by every company, every employee, and every person, right now. Not tomorrow, not in a week, but today.

Organizations have willingly shifted to digital and virtual operations, which means more data and more potential attack vectors. It also means a much larger impact when a breach or cyberattack does occur.

Coupled with stricter regulations and compliance requirements, a massive proliferation of sensitive and mission-critical data, and the acceleration of cybersecurity attacks, the best conclusion is that security should be a top concern.

From the top-down, starting with CEOs, proper cybersecurity should be adopted, taught, and followed by all.

About the author: Devin Partida covers cybersecurity topics for International Security Journal, AT&T's Cybersecurity blog and, where she is the Editor-in-Chief.