Looking at the history of human civilization as a whole, technology is very much an avant-garde breakthrough. Nevertheless, one key element has remained a constant throughout — the significance of trust.
According to more than a third of respondents from Asia-Pacific (APAC) surveyed by KPMG International, increased trust within the business context comes with improved profitability and better customer retention, along with enhanced business reputation. Stronger commercial relationships, innovation and an expanded market share are also possible if organizations recognize that digital trust matters.
Nonetheless, a report by the World Economic Forum (WEF) — developed in collaboration with KPMG — warns of a widening trust gap between the public and today’s technology providers amid the pervasive adoption of modern digital tech and the proliferation of customer data. The report also notes that recent trust surveys have all registered an alarming decrease in the public’s trust in technology use, and the loss of trust is increasing year by year just as our reliance on digital networks and technologies is accelerating.
It is obvious that organizations are now engaged in an unprecedented ‘data deluge’ as businesses mine data at scale and increase investment in data-driven initiatives. With this arise serious concerns over how effectively that data is being protected, used and shared. This is where the organization’s Chief Information and Security Officers (CISO) play a crucial role in delivering the trust agenda.
The good news is CISOs themselves know what is at stake – as 74 percent of respondents from APAC believe that increasing trust across the stakeholder spectrum is a leading consideration for their cyber-risk program.
The bad news is many are struggling to fulfill them as they still lack a clear mandate from the top to protect their organizations and data, with 73 percent in APAC saying their CISOs do not have the influence they need to protect their organizations fully. More worryingly, 55 percent say senior leaders do not understand the competitive benefits of enhanced trust enabled by better information security.
This suggests that the CISO needs to do more to deliver a cybersecurity reality check from the highest level at the Board and downwards. One way for CISOs to change that perspective may be to
shift away from being too technical — after all, two-thirds of C-suite respondents say that Boards do not understand them anyway. The challenge of stepping into that strategic role remains for CISOs.
Further, in our data-driven reality, CISOs must be ready to embrace a broader agenda and recognize their ability to make significant contributions in areas such as Environmental, Social and Governance (ESG) – by working collaboratively with Data Privacy Officer (DPO) – thus becoming a strategic enabler within their organization. However, more work is needed to make this a reality, as only 21 percent of respondents describe their CISO is an integral part of the ESG team that drives a wide variety of ESG-related activities.
The reimagined role of CISO is also emphasized as we see an acceleration in cybersecurity and privacy regulations globally. 2023 might prove to be an interesting one for Malaysia’s cybersecurity space, with the plausible establishment of a Cyber Security Commission as well as a new regulatory framework on technology risk management by the Security Commission.
Ultimately, stakeholder expectations on data security and transparency will only increase, and CISOs need to work together with top level executives and the Board to ensure that their stakeholders’ trust remains intact. They can do this by building internal alliances, recognizing that they can make significant contributions in areas ranging from the ethics of intelligent automation to ESG. Only then can they ensure cybersecurity is seen as a golden thread that runs through every aspect of business strategy, planning, investment and delivery.
By Ubaid Mustafa Qadiri, Head of Technology, Risk and Cybersecurity, KPMG in Malaysia
