RSA Conference 2017 preview: securing the enterprise without killing innovation
The message from CEOs to chief information security officers (CISOs) is clear: protection can no longer come at the expense of innovation.
As the innovation agenda takes center stage for CEOs, CISOs must find ways to gain a seat at the table. To do so, CISOs must understand both the security needs of the business and its need for security processes and systems that do not overly tax resources or stifle nimbleness.
If the past couple of years have taught big business anything, it is that cyber attacks are no longer a case of if, but rather when. Eighty-six percent of respondents to EY’s 2016 Global Information Security Survey said they do not believe their information security program fully meets their organization’s needs.
Amid this escalating level of threat, C-suite executives and boards have to invest in the best protection. Whether this is through preventing access — enhanced by artificial intelligence (AI) and machine learning — or through intrusion detection and risk mitigation, the core challenge for CISOs remains: how can they deliver cybersecurity without impeding innovation?
In an effort to become — or remain — agile in a fast-changing environment, organizations are scrambling to transform legacy IT systems into digitally driven networks that can power them into the future. This includes adopting technologies that are now table stakes for any organization — social, mobile, analytics and cloud — as well as newer transformative technologies such as the Internet of Things (IoT), AI and robotics. In doing so, however, organizations substantially increase their risk exposure, because they open to the world at large IT and operational technology systems that had once largely remained hidden and safe within the confines of the organization.
Current realities faced by many CISOs
These are the daunting realities that many CISOs face as they assemble for the 2017 RSA Conference in San Francisco. How daunting are these realities? Let’s let the statistics speak for themselves:
- 69% — percentage of senior security and IT executives who say that digital transformation is forcing fundamental changes to existing cybersecurity strategies
- 87% — percentage of C-level executives who say that they lack confidence in their organization’s level of cybersecurity
- 49% — percentage of organizations that doubt they are going to be able to continue to identify suspicious traffic over their networks
CEOs and their leadership teams are demanding that cybersecurity not stand in the way of innovations such as robotics and orchestration, IoT, the cloud, AI and machine learning, and blockchain. For many companies, these are the technologies that will make or break the winners of tomorrow. Businesses today require agile and responsive cyber programs that not only comply with the changes to regulatory requirements and protect an organization, but actually enable it to support these innovations with confidence as well.
Cybersecurity that does not stifle
This is an unforgiving position for CISOs to navigate. Managing the sliding scale between cyber risk and business innovation is an ongoing challenge. It requires a deep understanding of the business and the CEO’s agenda, but also the knowledge and skill to protect the company as it disrupts and evolves at a maddening pace.
As this new cyber agenda takes shape, the upcoming RSA Conference arrives with great anticipation. Exploring and debating how and why the CISOs’ world is changing and the best ways to aid, not hinder, the CEO’s growth/innovation agenda is likely to be one of the primary topics of conversation at the show. Given this reality, we urge all CISOs at the show to focus on five key questions:
- In your organization, does cyber protection come at the expense of innovation? Does innovation come at the expense of cyber protection?
- When implementing new technologies, such as IoT, AI and robotics, what business and security pressures do you face?
- How do you advise your leadership on what cyber investments to make for your company? Between prevention and detection?
- How have you redefined your role to support the innovation agenda at your company? Different reporting structure? Support structure?
- Are CISOs prepared to lead in the innovation era? Will they attain a seat at the CEO’s table?
EY will be at RSA 2017, and we look forward to meeting security executives from around the world. We have a unique point of view around how to balance the enterprise’s needs for security and agility, and we welcome the opportunity to discuss it with you. We also invite you to sign up for our next RSA 2017 article, in which we will feature answers to the most pressing questions we heard at the event.
“Top cyber concerns plaguing digital enterprises,” Help Net Security website, https://www.helpnetsecurity.com/2017/01/12/cyber-concerns-plaguing-digital-enterprises/, accessed 1 February 2017.
“Path to cyber resilience: sense, resist, react: EY’s 19th Global Information Security Survey 2016–17,” EY website, http://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey-2016-pdf/%24FILE/GISS_2016_Report_Final.pdf, accessed 1 February 2017.