CISOs Weigh In On Managing Digital Transformation Risk

January 7, 2020 Justyna Kucharczak

Digital Transformation

Around the world, companies in every industry are executing digital transformation initiatives to accelerate the pace of innovation, gain a leg up on the competition and improve business performance. As part of this push, they’re embracing DevOps methodologies, cloud platforms, and on-demand applications and services to increase business agility and improve economics. Meanwhile, advancements in artificial intelligence, the internet of things (IoT) and robotic process automation (RPA) are helping enterprises transform raw data into meaningful insights and improve productivity.

But, in an era of ubiquitous data, Chief Information Security Officers (CISOs) and security leaders face a host of new challenges their predecessors never encountered. In many ways, it’s like the Wild West as users access on-demand applications from any location using any device. In this new uncharted territory, the risk to confidential data is expanding along with the cyberattack surface.

Security leaders recognize the urgency of a fresh approach to cybersecurity and risk management yet are struggling to drive change within their companies. A PwC Digital Trust Insights survey[1] reveals only 53 percent of companies take a proactive approach to cybersecurity by building risk management into digital transformation projects fully from the start.

Making decisions regarding risk management is a core function of the CISO, but CISOs don’t always get the support they need to make those decisions stick. They face a formidable challenge: they’re jockeying for executive mindshare and adequate funding for new programs, all while working to evolve long-standing corporate cultural practices and increase awareness.

Five Digital Transformation Secrets to Success from CISOs on the Front Lines

So how can security leaders overcome these issues and become accelerators for digital transformation? Together with PwC, we sat down with a number of CISOs who played an active role in transformation projects to understand their keys to success. Five common practices emerged from these conversations, which are outlined in a new whitepaper, Managing Risk in the Digital Era.

Among the revelations is the importance of assessing risk for each digital transformation project individually.

With threats coming from every angle, it’s difficult to prioritize cybersecurity projects and investments. Yet given ever-tightening budgets, CISOs are forced to make tradeoffs about which security projects and services they prioritize. The CISOs we spoke with stressed the need to assess risk on a project-by-project basis to effectively evaluate security and compliance concerns and make the best investment decisions.

According to one CISO of a major insurance provider, “There is no one-size-fits-all solution. We assess the risks of every project and every third-party provider individually, and make decisions accordingly.”

By taking a close look at each project, determining the type of data each application consumes, evaluating both internal and external threats and assessing all the systems and vendors involved across the entire application lifecycle, CISOs can reduce exposure and ensure security investments deliver the greatest return.

Other common practices successful CISOs employ to raise security awareness, tear down silos and improve digital transformation outcomes include:

  • Factor in security considerations from day one. By building strong relationships and working closely with technology leaders and line-of-business peers to ensure security is built into every project from the outset, CISOs can help the organization improve results.
  • Foster a security-first culture and mindset. CISOs who focus on improving communications and knowledge – from offering training courses to educating teams on the latest trends – are taking key steps to make security a core competency.
  • Weave security into DevOps systems and practices. CISOs should champion the integration of security into every phase of the DevOps process (i.e., automating security testing, integrating vulnerability analysis) to contain risk without slowing down the pace of development.
  • Improve communications with senior executives and the board. Learning how to communicate security risk in meaningful, relatable terms can help CISOs improve executive awareness and secure funding for critical cybersecurity initiatives.

By assessing each project individually, increasing cybersecurity awareness, building security into the corporate culture and improving executive-level communications, forward-looking CISOs are meeting digital transformation challenges head on. Download the whitepaper or tune in to our recent Data Breach Today podcast, “Digital Transformation: The Privileged Access Imperative” to learn more.


[1] © PwC. Not for further distribution without the prior written permission of PwC. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details.
