There is an urgent need for organisations to shift the cyber and data protection to a boardroom agenda from being the individual concern of the CIOs and technology teams. CISOs, CIOs and CTOs must provide clarity and insights on the following to the management:

(i) In the present scenario where most employees are working remotely, how is the company’s overall cyber posture being improved?

(ii) What changes have they implemented in the security monitoring procedures?

(iii) Are the cybersecurity procedures equally effective in a remote working setup?

(iv) How is management maintaining an effective incident response and recovery function? Are there any challenges being faced?

(v) Considering the increased risk of pandemic related phishing emails, are employees being educated and provided regular training to improve online security?

According to a 2021 EY and ACFE Mumbai Chapter survey, India Inc’s concerns around data privacy (66 per cent), and cybercrime and ransomware (53 per cent) amplified over the last one year. As many as 40 per cent of the respondents said that the biggest challenge regarding data was the limited understanding of relevant regulations in multiple jurisdictions. Moreover, half of the respondents said they did not have a Data Protection Officer in their organisation.

The EY Global Integrity Report 2020 highlights that 62 per cent of global organisations did not have cyber incident response plans in place and 28 per cent said that employees knew little about their organisation’s data security related policies and procedures.

Having a robust forensic readiness plan is key to enhance protection and streamline the process of recovering digital evidence efficiently and minimise the cost of investigation.

A forensic readiness plan should ideally have the following goals:

(a) Gather admissible evidence legally without interfering with business processes; (b) Gather evidence targeting potential crimes and disputes that could have an adverse impact on the organisation; (c) Allow investigations to proceed at costs proportional to the incident; (d) Minimise operational interruptions due to the investigation process; (e) Opting for cyber insurance policy with adequate cover; (f) Conducting periodic reviews to ascertain if all controls are in place.

Cybersecurity incidents often lead to legal ramifications, insurance claims and other regulatory issues. A cyber incident can sometimes be caused due to the actions of an employee, third-party or even the organisation itself. Identifying if the incident occurred due to negligence, malicious intent, fraud or sabotage will need specialised tools and methodologies. The digital transformation of cyber security frameworks will help organisation develop robust monitoring frameworks, efficiently run diagnostics scans and establish and improve incident response strategies.

As part of the cyber risk management strategy, incorporating a comprehensive cyber security incident response plan will help organisations effectively deal with the aftermath of any security breach incidents. Having an experienced strategic team along with investing in innovative technology and digital solutions can help streamline efforts toward remediating cybercrime incidents quickly, while also safeguarding the brand reputation and market position of the organisation.

As cybercrime continues to become more advanced and sophisticated, organisations will need to stay one step ahead by improving their cybersecurity frameworks. Cybersecurity needs to move from the data centre to the boardroom.

As cybersecurity is fundamentally about risk management, organisations need to reduce the risk against cybercrime by understanding the motives, means and methods instituted by cybercriminals and build necessary defences. Organisations need a strong defence always — while cybercriminals need to get lucky only once!

The writer is Partner, Forensic & Integrity Services, EY