CISO, responsible for cybersecurity, and executive boards need to communicate more frequently and more effectively. Board members increasingly recognize that value creation, trust, and cybersecurity go hand in hand. Cybersecurity features prominently on their agendas, however, they could make better use of the expertise that CISOs bring.
The great uncertainty in the world, driven by geopolitical unrest and rapid technological developments, is keeping CEOs awake at night, according to PwC’s annual CEO Survey. Another issue that occupies CEOs more than average is cybersecurity. These risks are significant and urgent, and they are closely linked to global instability as well as to technological developments.
Relatively little contact between CEOs and CISOs
That the topic features prominently on boardroom agendas is good news. Even more remarkable, then, is that PwC’s research Digital Trust Insights shows that interaction between the C‑suite and the CISO could be improved. Only one‑third of Dutch respondents reported that there is regular contact between the CISO and top management. A strong CISO combines deep technological expertise with a solid understanding of the business. The CISO’s role is crucial in cybersecurity: to prevent cyber measures from being overlooked in new initiatives, and to ensure that senior leadership has insight into the associated risks. When it comes to technology, opportunities and risks are two sides of the same coin.
Cybersecurity is entering new domains
The recently published CEO Survey (January) shows that nearly three-quarters (67 percent) of Dutch CEOs plan to invest in cybersecurity in the coming period. This is a positive development, as CEOs will be facing significant new challenges in the years ahead. Below, I highlight two examples that clearly illustrate how cybersecurity is expanding into new domains.
- AI agents rolling out the red carpet for hackers
AI agents that autonomously make decisions and execute tasks can act as digital security officers, contributing significantly to preventing and responding effectively to attacks. This is especially helpful for companies that struggle to attract people with the right digital skills. But keep in mind: cybercriminals are also deploying AI agents. Attackers can use hidden instructions embedded in documents or messages to 'hijack' an agent’s behaviour, effectively rolling out a digital red carpet for hackers. Various measures are available to mitigate these risks, but you need to be aware of them and incorporate them into the design of any AI agent. - Quantum computing that cracks encryption
Quantum computing offers countless new possibilities, such as medical breakthroughs, accelerating technologies like AI, and enabling solutions to secure the internet of the future. A tremendous development — but again, it can quickly become a nightmare when used by people with malicious intent. Quantum computing can bypass the encryption that protects sensitive corporate and personal data. Where we once thought this threat might emerge in about ten years, the current time horizon is three to four years. What makes the issue even more urgent are signs that hackers are already storing stolen data today, with the intention of decrypting it in a few years’ time. Mitigating measures are possible here as well, but they are complex and time‑consuming.
‘Value creation, trust, and cyber safety are inseparable’
For a long time, cyber risks were viewed primarily as a technological issue — a weak spot in the technical infrastructure. Now, they are increasingly recognized as strategic risks for organizations. More and more executives understand that value creation, trust, and cyber safety are inseparable. This makes it even more important to draw on all the knowledge available within an organization. And it is equally a reason to ensure that the CISO is invited to the boardroom more often.
About the author
How can we help increase your cyber security?
