Thinking strategically, acting holistically on cybersecurity: Are we there yet?

Key takeaways:

?Adrian van Hest of PwC on the impact of digitisation to the organisation’s information security risk profile - and how New Zealand businesses are responding .

?Prof Hossein Sarrafzadeh of Unitec on immediate steps to take to firm up cybersecurity defences.

?IT lawyer Michael Wigley on what to do if your organisation is hit by ransomware.

?Group IT manager Neil Gong of Airedale Property Trust on cybersecurity pointers for SMBs.

?New Zealand snapshots: Who are the individuals or organisations behind the cybersecurity incidents, plus current and future investments by peer organisations and across industries.

No caption

This is the year organisations really need to take it seriously and to invest appropriately and intelligentlyAdrian van Hest, PwC New Zealand

New Zealand organisations are currently transforming their functions and interactions with clients, using an empowered digital platform, says Adrian van Hest, partner and cyber practice leader at PwC New Zealand.

He says the appointment of chief digital officers (CDOs) has been a “very real step change” over the past 12 months, as organisations continue to forge ahead with digitalisation.

However, he believes cybersecurity is a “kind of secondary conversation” for many organisations.

“The challenge with security in the past has always been the generic approach to it, ‘I will do what others would do’ or 'I will do the least I need to do, because it is a cost of doing business'.

''Cybersecurity is still primarily seen as a cost, so we need to mitigate this.

“What is unique in New Zealand is the fact that there is no requirement for organisations to disclose when they lose data.”

The challenge is for organisations to take consumer privacy seriously, van Hest states.

“You are talking about people’s digital lives and keeping their information private. It requires legislation to help drive cultural change. That is what happened internationally.

“Organisations know that if they are the custodians of people’s data, they have to take it seriously. They have to protect it, they have to look after it.”

This demands a cultural change across the organisation, similar to campaigns around health and safety in New Zealand.

“We are very far away from that culture,” says Van Hest, who spoke to CIO New Zealand on the results of the local findings for the 2017 Global State of Information Security Survey.

PwC, CIO and CSO interviewed more than 10,000 respondents across the globe, including 89 business and technology executives from New Zealand, for the 2017 report. The survey was conducted online from April 4, 2016 to June 3, 2016.

So what is van Hest's message to Kiwi organisations?

“It is probably a very worn message but even more prescient, which is that ‘context is key’.

“As organisations have moved to adopt more digital strategies and become more digitally dependent, they really need to have a look at what their risk profile looks like.

“And in order to invest effectively, organisations have to take a personalised approach to their cybersecurity. One that is specific to their business needs, their existing digital ecosystem and their relationships with business partners.”

He further notes New Zealand still has a “high trust environment” and therefore people naturally trust people with their data.

But overseas, he says, digital trust is seen as a real enabler or differentiator in the business.

No caption

Across the globe, 59 per cent of respondents say digitisation of the business ecosystem has led to an increase in security spending.

1 2 Page 1
Page 1 of 2
Security vs. innovation: IT's trickiest balancing act