Corporate cyber threats no longer just an IT concern

Mumbai: Cyber threats today are no longer restricted to a company's communications and IT domains, calling for more than just technical controls to avert attacks and protect the business from future risks and breaches, a new report said on Monday.

According to the joint report of the Confederation of Indian Industry (CII) and KPMG, cyber security today embraces multiple units of an organisation like human resource, supply chain, administration and infrastructure. It, therefore, requires governance at the highest levels. 

"It is vital to keep pace with the changing regulatory and technology landscape to safeguard and advance business objectives. Working backwards by identifying and understanding future risks, predicting risks and acting ahead of competition, can make a company more robust," said Richard Rekhy, Chief Executive Officer, KPMG in India.

Titled ‘De-risking India in the new age of technology,' the paper launched at the second CII National Risk Summit 2016 in Mumbai suggested that cybersecurity has started gaining visibility at the top level and is now an essential part of boardroom discussions.

"Well-orchestrated risk management practices help organisations deliver sustainable results by keeping pace with changes in client behaviour, staying ahead of competition, identifying emerging technology trends and business model changes early," added Suresh Senapaty, Chairman, CII National Risk Summit 2016.

Regulators are increasingly holding board members and senior executives of a company accountable for cybersecurity of their company, often with stiff penalties, including but not limited to, heavy fines and legal consequences. 

The leadership level, therefore, needs to be aware of the internal and external cyber threats and incidents that can or are affecting their organisations, the report added. 

"This white paper is our first step to de-risk India. We explore the challenges that organisations face and then suggest the better risk management practices that can be followed in an accelerated environment of cognitive technologies to harness an organisation's potential to the fullest to balance the risks and opportunities," added Mritunjay Kapur, Partner and Head, Risk Consulting, KPMG in India.

According to the paper, an organisation cannot rely solely on technical controls to avert a cyber incident. It needs a combination of the right people, processes and technology to prevent such incidents.

"Robotics and cognitive technologies not only support in managing the risks for an organisation, but can help eliminate potential operational risks. The new-age disruptive technologies bring much needed controls within an organisation," it added.