In line with this, more and more companies are not just brushing up their approach every few years. Many are rebuilding their systems from the ground up to confront the magnitude of today's cyber threats.
What security leaders can do
Now more than ever, security leaders will have to use their influence to manage a broader array of external threats and higher expectations across the business. CISOs will no longer be stewards of security technology, but rather, decision-makers.
So what can security leaders do to manage these challenges and how can they prepare their organisations for the future?
1. Shore up cloud, mobile and data security
A maturity gap exists between companies using more traditional security technologies and those advancing into newer areas. To free up resources to focus on newer areas, think about which of your capabilities are mature enough to delegate, automate or outsource.
Enterprises are widely adopting cloud and devoting significant resources to securing it. There may be worry about cloud, but it is a part of business today. Ensure your organisation gets the most out of the cloud opportunity with the least risk.
Mobile device security is generally lagging. As more devices become connected and the promise of the "Internet of Things" is realised, these problems will just compound themselves. Focus your efforts on bolstering mobile security capabilities.
With increasing amounts of data being generated by enterprises, do not get overwhelmed – concentrate on your most critical assets. To help manage the rising external threat, advance your approach to real-time security intelligence and analytics.
2. Enhance education and leadership skills
Enhance your education and leadership skills to benefit from your growing business influence and ensure continued support from leaders throughout the organisation.
3. Engage outside your organisation
With the widespread expectation that connections with customers, suppliers and partners will increase levels of risk, security leaders must figure out how best to protect their ecosystem, and not just their organisation.
Make a concerted effort to determine how to clearly assess each other's security – how can you best build trust in one another and broader ecosystems? Use industry groups as critical communication avenues for good ideas.
4. Plan for multiple government scenarios
Because of the uncertainty over what governments may or may not do with respect to cybersecurity, plan for multiple possibilities. While it is conceivable that governments will enact higher security standards and guidelines that would directly aid enterprises, you cannot rely on such a circumstance.
Ensure that you have regular dialogue with your Chief Privacy Officer and general counsel to better understand what requirements may arise. And take a comprehensive approach that draws upon advice from voices outside the security function.
Sign up for CIO Asia eNewsletters.