Cyber impacts on us all. For most non-cyber leaders, cyber remains a mystery. While the risk of threat may be recognised, the impact is often hard to understand or appreciate. Deloitte’s podcast series, Demystifying Cyber, attempts to demystify cyber for business executives.
Companies are getting more and more digitalised every day. This raises questions like: How can a company’s data be secured most efficiently? and How can awareness of cyber be raised among executives, board members and individuals? Simultaneously, companies’ cyber budgets continue to grow, but where does all the money go? Marco Wirén, CFO of Nokia and Vice-chair of the board of directors of Neste, and Karthi Pillay, a partner and Cyber Risk Leader of Deloitte Finland, discuss the impact and meaning of cyber in the first episode of Demystifying Cyber.
In 2021, Deloitte conducted the Future of Cyber Survey, for which 600 C-suite executives were interviewed. According to the survey, companies feel that innovation and the digital world have advanced extensively while risk management is lagging behind. ‘The speed of digitalisation is so fast. How should we change our ways of working? What are the new types of threat?’, ponders Marco.
Communication and continuous training are key to success in cybersecurity
Communication is critical in order for executives – and everyone else – to become more aware of cyber. Most often, cyberattacks come through human interaction, for example in the form of a malicious clickable link. A sense of security is directly linked to employees being aware of cyberattacks and knowing what to do when they detect one. Continuous training is also important. Training sessions should be frequent, so that cyber is always kept in mind, but also short, so that they fit into people’s busy schedules.
‘I get daily emails which are malicious. I try to keep in my mind at all times: Who has sent the email? What is the purpose of it? and What should I do with it? If I’m slightly uncertain about how to answer any of these questions, I contact our Cyber Security Department,’ Marco says.
A good Cyber Leader communicates, possesses technical skills and understands business
The key to success in cybersecurity is that a cyber leader has the attention of the CEO and the company leadership team, and a mandate to act. According to Marco, cyber leaders should understand the strategy of their company and how cyber is linked to that strategy. However, how cyber is supervised and reported depends on the company.
Technical skills are also extremely important for a cyber leader because the development of cyber is fast. ‘You have to understand what could happen in this area and where to get the expertise to help you,’ Marco says and continues: ‘Be humble. Never think that we have done everything we believe that we should do. What you did this afternoon is not valid anymore because the pace is so fast and the competition is unfair. Competition is not only between companies or individuals. We are also competing against states. And the money put into the criminal side is huge.’
Cyber budget depends on the company strategy
Cyber budgets have grown in recent years, but how do companies know whether they are spending ‘the cyber money’ in the right place? ‘Each company has to make an assessment of what are the risks they are prepared to take, where their biggest vulnerabilities are and how they should be mitigated’, says Marco. He advises companies to have independent third parties conduct cyber risk assessments.
‘What do you want to protect at all costs? What risks are you willing to accept? and What risks will you absolutely mitigate? You direct the flow of spend according to the answers to these questions,’ sums up Karthi.
Corporates play a role in the cybersecurity of all society, which impacts sustainability
Cyber impacts on us all. The threat is not only to a single company; it is a threat to a whole country. Corporates have a chance to influence sustainability and ethical behaviour in society. Because of this, taking a responsible approach to cyber has a direct impact on efforts to achieve sustainability goals.
‘Whatever we are doing in digitalisation will help sustainability. Cyber is a big part of the digitalisation journey,’ Marco states and continues: ‘If we fail here, it could cost us sustainability-wise as well. The more digital we become, the more opportunities we have to become sustainable and protect the environment’.