Written by Tim Cook
As we continue to digitize our corporations, our infrastructure, and our way of life, we become more exposed to online risk and cyber attacks. The cyber function sits at the heart of how we stay resilient, keep our operations running, and keep our families safe.
We have assembled some easy to remember questions to help evaluate the impact of a cybersecurity function, called the GOLD Standard, focused on Geopolitical risk, Opportunities, Legislation, Dangers, and Staffing. These questions delve into critical aspects of cybersecurity strategy and management, addressing key challenges and opportunities in today's complex cyber landscape. By addressing these considerations, organizations can not only fortify their cyber defenses, but also align their cyber function with the growing demands of the digital age.
GOLD Standard questions
G: Geopolitical risk
How are the geopolitics of cyber being addressed in your enterprise? To what extent does the cyber function help clarify the cyber implications of geopolitical events?
Market observation: Your enterprise is either a pawn to get at something else or a target in your own right. Nation state actors are "compromising telecommunications firms, providers of managed services, broadly used software, critical infrastructure, and industrial control systems for intelligence, collection, attack or influence operations."
How is the cyber function helping create opportunities through cyber due diligence in M&A?
Market observation: "No deal has ever been made worse by performing cyber due diligence; a process that reveals a spectrum of cyber-related strategic deal issues, hidden costs, and operational risks before finalizing an investment in a business. Cyber due diligence provides new insights to detect bad eggs, thereby helping to reduce risk to investor capital whilst offering deal teams a competitive edge to enhance returns."
What are the implications of the new SEC rulings on the approaches you are taking to cybersecurity risk management?
Market observation: "The new SEC cyber rules require public companies to disclose their approaches to cyber risk strategy and governance. Material cyber incidents must be disclosed within four business days."
How effective is your cyber function in helping you anticipate and prepare for these emerging cyber dangers?
Market observations: "AI-enabled cyber attacks are already a threat that organizations are unable to cope with. This security threat will only grow as we witness new advances in AI methodology, and as AI expertise becomes more widely available."
Ninety eight percent or organizations use at least one third-party vendor that has experienced a breach in the last two years.
How are you approaching recruitment, retention, and succession planning in the cyber function?
Market observations: By 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.
Fifty nine percent of business leaders ranked talent recruitment and retention as a key challenge for managing cyber resilience.
Want to evolve your cyber function? Reach out to Tim Cook, partner and leader of our Cyber practice, for more information.
Never miss insights
Stay in the know with our thought leadership