KPMG research: Building trust through cybersecurity and privacy

Riyadh — KPMG has released the report Cyber ​​Trust Insights 2022, which analyzes five critical steps to building trust through cybersecurity and privacy.

The report surveyed 1,881 executives and conducted a series of discussions with business leaders and experts from around the world to find out how well executives perceive this and what challenges they face. Have you dealt with it or researched what you need to do next.

KPMG has identified five critical steps to building trust through cybersecurity.

1. Treat cyber and privacy as the golden thread woven into your business.

2. Build internal alliances.

3. Rethinking CInformation Security Officer (CISO) role;

4. Secure leadership support. When,

5. Reach out to the ecosystem.

New technologies such as distributed ledger technology (DLT), quantum computing, 5G networks, artificial intelligence (AI)/machine learning (ML), and augmented and virtual reality are developing rapidly and transforming how businesses operate. is expected to

However, the successful deployment of future applications that rely on these technologies (connected economy, smart systems, NFTs, metaverse, etc.) may depend on an organization’s ability to instill trust across multiple dimensions. I have. This means incorporating security and privacy controls with transparency, trust and integrity, the report said.

Organizations know they need to become data-driven or risk agnostic. While many companies are extending AI to automate data-driven decision-making, AI poses new risks to brand and profitability.

Not only can this technology promote inequality and violate privacy, it can limit our ability to make autonomous, personal decisions.

“We cannot blame AI systems themselves for undesirable outcomes. Trustworthy and ethical AI is not a luxury but a business necessity. It cannot be secured without effort and challenge,” said Ton Diemont, Head of Cybersecurity and Data Privacy for Saudi Arabia and the Levant at KPMG.

He said trustworthy AI can only be achieved through a holistic, technology-agnostic, and widely accepted approach to awareness, AI governance, and risk management.

Globally, the expansion of cybersecurity and privacy regulations is accelerating. More than 137 countries currently have some form of data protection regime, often claiming extraterritorial jurisdiction over services provided in those countries and data of their citizens.

A more mature privacy regime is moving to a second generation of regulation and is facing new privacy challenges posed by technology adoption, Demont said, adding that discussions on AI regulation are currently underway in legislation. It shows that it is officially done in the draft of.

Additionally, countries are enforcing increasingly stringent critical infrastructure cybersecurity regulations amid growing concerns about attacks on industrial control systems. These regulations are moving from self-assessments to more prescriptive control frameworks, such as mandatory incident reporting and external audits.

Regulators are also seeking to strengthen the independence and role of CISOs in setting internal control standards, while becoming more prescriptive in their control frameworks, the report said.

With increasing disclosure requirements for ransomware incidents, companies’ requirements for cyber risk transparency are being debated.

Businesses should invest in automating compliance monitoring and reporting. Maintain regulatory oversight. Diemont also advised that privacy and security regulatory trends should be considered when developing new services and products.

Organizations that embrace the ESG agenda can earn customer trust and strengthen their brand. In today’s digital world, boards, investors, regulators, customers, and the public expect transparent reporting on an organization’s cybersecurity and privacy posture.

Stakeholders can be confident that the board and management are appreciative of the social implications of striving to ensure the resilience and integrity of critical services while protecting trusted information. I want to

MeIn KPMG’s Cyber ​​Trust Insights 2022 survey, nearly half (44%) of respondents said cyber security collaboration across the broader ecosystem would help predict attacks.

Collaboration may be desirable, but it’s not always easy. More than a third of his respondents (38%) say privacy concerns are hampering his partnerships with external cybersecurity, and 36% are too revealing about their own security measures. I’m worried about Other issues include regulatory restrictions, lack of support from management, and lack of resources.

According to KPMG’s report, CISOs are now positioned to play a key role as enablers. Acting as one of the ultimate guardians of the organization’s trust, she can be a driving force behind the organization’s success.

“We recognize that CISOs themselves are at stake,” Diemont noted, noting that more than three-quarters (77%) of respondents said that improving trust was the primary objective of their cyber risk program. says there is.

With 45% of C-suite respondents viewing the CISO as a key executive, the profile of the CISO role has increased rapidly over the past five years due to digital transformation, rising cybercrime, and rising regulatory expectations. Growing up, he says.