
1.3.19 – SSI – SSI Staff

Chuck Saia, Deloitte CEO of Risk and Financial Advisory, delivers advice to avoid and combat cybersecurity risks in the new year.


In 2018, more than 600 known cybersecurity data breaches exposed more than 22 million records, according to Statista. Despite the massive number of breaches, professional services firm Deloitte recently found that only 25% of organizations are scenario planning to defend against these attacks.

As consumer and employee displeasure with corporate leaders continues to grow and elected officials call for regulation, it is crucial that leaders begin to regulate themselves by prioritizing cybersecurity to make their businesses stronger.

With seemingly omnipresent cyber risks threatening consumers and businesses, Chuck Saia, Deloitte CEO of Risk and Financial Advisory, delivers the following seven tips to avoid and combat cybersecurity risks in the new year.

1) War Game & Scenario Plan

In a recent survey, Deloitte found that nearly all CEOs believe their organizations will face serious threats and disruptions to their growth prospects in the next two to three years. Despite the massive number of breaches this year and war gaming being the best way for businesses to plan ahead and defend against these attacks. In 2019, leaders must push their organizations to plan for and monitor for these attacks.

2) View Cyber Risks Through a Business Lens

3) Manage the Extended Enterprise

Leaders must also pay special attention to their organization’s extended enterprise and the security flaws these partners could expose. Deloitte recently found that a majority of CEOs fail to hold their extended enterprise to the same risk standards as their own organizations, and that leaders see IT providers as the third parties that pose the greatest threat.

These third parties expose the organization to significant cyber threats. But because these providers are external, they’re beyond management’s direct control. It’s critical that IT vendors are effectively managed and that the entire enterprise is held to strong security standards in 2019.

4) Increase Investment in Threat Detection

In 2019, leaders must increase investments in enhancing cyber threat intelligence and analytics capabilities. Deloitte recently found that leaders are least likely to invest in improving threat detection, while more board members than CEOs cite new technologies as a priority. Prioritizing threat detection will be a key opportunity in 2019, and CEOs and board members must align on investment strategy in order to move forward.

5) Integrate IT Security With Business Risk Management

The traditional discipline of IT security, isolated from a more comprehensive risk-based approach, is no longer enough to protect organizations. To grow, streamline, and innovate, organizations must integrate IT security into leadership and business decisions in order to keep pace with the evolution of cyber threats.

6) Involve Leaders

To engage senior leaders, the CIO and CISO should develop business-focused cyber risk reporting with a focus on business impacts and risks, rather than overly technical reports. Engaging senior leaders in cyber is key to moving from simply identifying security threats and fixes to defining business impacts, governance methods, risk escalation steps and organizational responses.

7) Utilize Threat Intelligence Programs

Companies can use threat intelligence programs to proactively identify and monitor risks. For example, Deloitte’s Insider Threat and Predictive Risk Intelligence programs identify and “disrupt” internal and external issues that could open the company up to cyber attacks.