Quantifying cyber risk strategies to resonate with CFOs and boards

by CybrGPT

In this Help Net Security interview, Mir Kashifuddin, Data Risk & Privacy Leader at PwC, discusses how CISOs can translate cyber risk into business value and secure a more strategic role within their organizations. He explains that aligning cybersecurity with business objectives and leveraging data governance, AI, and financial risk quantification drives resilience and growth.

How can CISOs translate cyber risk into business value and secure a stronger seat at the table?

Our Digital Trust Insights survey shows that fewer than 50% of CISOs are involved in key business decisions like strategic planning, board reporting, and overseeing significant technology investments. This lack of involvement means cybersecurity and secure data enablement are often treated as an afterthought rather than a driver of business resilience and value.

CISOs can elevate their role by aligning cybersecurity initiatives with business objectives, showcasing how trustworthy and secure data is the foundation for business operations, transformation, and growth. This involves implementing a comprehensive data governance program that ensures compliance and enhances data enablement opportunities. By effectively managing the data lifecycle, CISOs can demonstrate how robust cybersecurity practices drive business growth and efficiency, positioning them as a business enabler.

In the era of AI, CISOs are integral to partnering with peer organizations such as Enterprise Data Management to securely identify GenAI patterns that are being envisioned and deployed across an organization. This includes access to public GenAI services, the use within enterprise software including SaaS, and securing a variety of data pipelines from the sources, processing, RAG, and application interfaces where inputs and outputs are consumed.

How can organizations better quantify cyber risk to resonate with CFOs and board members?

While 87% of executives agree that allocating resources to the highest areas of risk is crucial, only 15% measure the financial impact of cyber threats to a meaningful extent. This gap leaves leadership making decisions based on gut feelings rather than data-driven insights.

Presenting cyber risk in financial terms allows CFOs and board members to make informed decisions regarding cybersecurity investments. Advanced data analytics and AI can help assess potential financial impacts of cyber threats, such as revenue loss or regulatory fines. Implementing a data governance framework further aids in this process by providing a clear understanding of data assets and their associated risks.

Can businesses use cyber risk maturity as a competitive advantage?

Absolutely. A strong cybersecurity posture is no longer just about protection—it’s about competitive positioning. More than half (57%) of executives say cybersecurity directly impacts customer trust, and 49% see it as critical to brand reputation and loyalty. Companies with strong cybersecurity programs are also less likely to experience major breaches, which means fewer operational disruptions, lower financial losses and better experiences for key stakeholders and customers.

Cybersecurity maturity is also becoming a key factor for investors. Organizations that can demonstrate a well-governed, well-protected data ecosystem often attract investment more easily. Integrating privacy considerations into data valuation processes helps with compliance and unlocks new business opportunities, turning cybersecurity maturity into a strategic asset.

How should organizations prioritize cybersecurity spending?

According to our report, 77% of executives are expecting their cyber budgets to increase next year, which gives organizations a unique opportunity to align spending with business priorities. However, only 21% consistently allocate their cyber budgets to their highest-risk areas, leaving many businesses exposed to preventable threats.

To get the most value out of security investments, organizations should focus on two key areas: data protection and cloud security. These are not novel, and remain top priorities for leaders, with data protection being the number one focus for business leaders and cloud security being the number one focus for tech leaders. At the same time, eliminating redundant or obsolete data is critical—storing unnecessary data increases risk and operational costs. Organizations that invest strategically in cybersecurity, rather than reactively, will see the biggest returns in resilience and operational efficiency.

What are the most effective strategies for embedding resilience across business functions?

Despite growing awareness of cyber risk, most organizations are still struggling to fully implement resilience strategies, with only 2% of companies having embedded cyber resilience actions across all business areas. This gap leaves organizations vulnerable to operational disruptions and reputational damage.

Embedding resilience requires a holistic approach that integrates cybersecurity into every facet of the organization and includes:

  • Establishing cross-functional data governance teams to foster collaboration between departments, resulting in cohesive data management and protection efforts.
  • Developing comprehensive data protection programs to reduce vulnerabilities and enhance overall resilience.
  • Promoting a culture of continuous improvement, where data management practices are regularly reviewed and updated, to help the organization to remain agile and responsive to emerging threats.

© 2025 cybrgpt.com – All rights reserved.