Besides that, IT teams should also frame security differently than before. "It's not IT security - where security is IT team's responsibility. Instead, IT leaders/team should start talking about what IT can do to limit business risks so business can be engaged in a valuable dialogue," urged Piff.
He also highlighted that SecDevOps will be the future of cybersecurity. "Security will be embedded at the outset; no more bolting-on after [the product/app is completed]."
Ferguson added: "When do you know that you've gotten security right? That's when you don't have a security team anymore. Infosec needs to be embedded into the business. This means that you need a security champion in every department, be it HR, marketing etc."
Sign up for CIO Asia eNewsletters.