Many organisations believe cyber security risk can be managed with a set of security controls they evolve and mature over time. Organisations such as NIST, the ISO and government cyber security agencies around the world, have developed a number of standards and definitions of good practice; all are essentially grounded in the ethos that drove the development of the original standards for Information Security Management some 25 years ago.
However, the world has moved on. Standard approaches to good practice are still necessary, but they are far from sufficient to secure organisations from the threats they face today. The rules are important, but the increasing innovation and motivation of attackers makes it imperative to adapt our approach to security – and play a different game.
Richard Horne’s flagship white paper seeks to prompt a discussion about how our mindset and approach to cyber security now needs to change. It proposes 10 areas where important challenges must be confronted; this evolution will also provide some structure for innovative and disruptive technologies that are beginning to come to market but don’t fit the mould of traditional security controls.
Explore how our seven principles of cyber security governance can help boards manage cyber security risk and take control of their organisations' security.
Our 2024 CEO survey looks into how CEOs are targeting the acceleration and elevation of critical change.
© 2015 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.