Tata Consultancy Services (TCS) has announced findings from its TCS Risk & Cybersecurity Study, which reveals that cyber executives may not be sufficiently prioritising threats from vulnerabilities within the value chain, beyond the immediate boundaries of their organisations.
When asked to rank where companies will see the greatest number of cyberattacks between now and 2025, ecosystem partners came in last place (10th). At a time when enterprises are increasingly banking on digital ecosystems for their growth strategies, TCS’ survey shows that only 16% of chief risk officers (CROs) and chief information security officers (CISOs) ranked digital ecosystems as a concern when assessing expected cyber targets – only 14% listed the risks from such ecosystems as the top priority arising out of board-level discussions.
“Companies across the globe are increasingly turning to digital ecosystems of partners, vendors and even competitors to reimagine and grow their business. Ignoring the threats originating from these ecosystems represents a blind spot which needs to be addressed urgently,” said Santha Subramoni, Global Head, Cybersecurity, TCS. “One way of reducing the probability of an attack within digital supply chains is to implement a Zero Trust policy – a framework based on the principle of ‘never trust, always verify,’ applied not only to humans but also machines.”
When mapping out priorities between now and 2025, CISOs rank governance, strategy and talent acquisition highly. Ranking highest is the prioritisation of the security posture of the company and defining the controls and standards. Ranked second is establishing a more robust cybersecurity strategy, followed by investing in security talent acquisition and development.
TCS’ study also finds that talent retention directly correlates with how a company stores its information. Cloud-positive organisations were found to have a slight advantage in retaining and recruiting talent with the notoriously hard-to-find cyberskills, compared to those companies who think that on-premises or traditional data centre security is preferable to what is available via the cloud. In fact, embracing cloud platforms gives companies a five-point advantage in recruiting and retaining talent with cyber-risk and security skills.
“As businesses look to keep up with rapidly evolving complexities in cybersecurity, the talent gap is widening,” said Bob Scalise, Managing Partner, Risk and Cyber Strategy, TCS. “Demonstrating a serious commitment to cybersecurity by sustained attention from senior leadership, funding and process changes will be vital to recruiting and retaining top talent.”
Among other findings, the study also highlights:
Some corporate boards may not be sufficiently focused on cyber-risks.
One in six respondents reported that their corporate board of directors considers issues related to cyber-risk and security only ‘occasionally, as necessary, or never’. Companies with higher-than-average revenue and profit growth are more likely to discuss cybersecurity at every board meeting.
Cloud platforms are considered more secure than on-premises and traditional data centres.
Over half (62%) of companies are now as or more comfortable with the security provided by cloud platforms than that of on-premises and traditional data centres, suggesting that the common concern about the cloud in its early days is fading.
The TCS Risk & Cybersecurity Study, published by the TCS Thought Leadership Institute, highlights the most pressing cybersecurity issues facing senior business leaders across Europe and North America. The study is based on the results of a survey of more than 600 CISOs and CROs, from companies with at least US$1 billion in annual revenue, across banking and financial services, utilities, media and information services and manufacturing. Topics include global risk, cybersecurity, resilience and ecosystem/cloud security. The survey took place in February and March 2022.