The new normal forced businesses to adapt to the disruption, and organizations implemented new technologies enabling remote working.

However, many companies did not involve cybersecurity in their decision-making process, putting businesses at risk.

EY, a leading professional services firm in audit, tax, consulting, strategy and transactions, presents the main findings from Latin American companies that participated in its Global Information Security Survey 2021, which is based on detailed interviews with more than 1,400 chief information security officers (CISOs) and senior security executives around the world.

"Over the past 18 months, the need for rapid transformation meant that many companies overlooked security. As businesses maintain new working practices in the post-covid era, the risk of moving forward without addressing these gaps is increasingly relevant and some recent events around cyber data hijacking emphasize how critical it is to implement immediate action", said Carlos Lopez Cervantes, Leader, Cybersecurity at EY Latin America North.

The EY Global Information Security Survey 2021 explores the challenges faced by CISOs as growth enablers and strategic partners, among those challenges we can find:

1. Cybersecurity is not high on the investment priorities of Latin American companies and such funding is needed now more than ever. Thirty-nine percent of respondents expect to face a major breach that could have been avoided by making adequate investments in cybersecurity. In this regard, 32% of the organizations surveyed spend less than 50K on cybersecurity issues.
2. 57% of CISOs feel that the timelines for cybersecurity reviews are too tight when implementing new solutions and 53% don't know if their defenses are strong enough to counter new cybercriminal strategies.
3. CISOs' relationships with the rest of the organization are weak (when having strong connections is key to security), 77% said their colleagues don't bring them into initiatives until after the planning stage and only 33% are included in the design stage of new strategies.

"CISOs should be advising at the earliest stages of the decision-making process. However, according to our research, relationships between the cybersecurity function and other areas of the business are weak; where 31% of respondents have seen business teams push aside cybersecurity processes to facilitate remote and flexible working, which represents a significant risk", said Gustavo Diaz, Partner

Cybersecurity Leader for the Financial Sector at EY Latin America North. Undoubtedly, CISOs are concerned about the vulnerabilities introduced by the transformation in the pandemic era. In this context, 7 out of 10 companies saw an increase in the number of disruptive attacks in the last 12 months and 57% of CISOs are more concerned than ever about their company's ability to manage cyber threats.

Over the past year, cybercriminals have improved their techniques, adopting more sophisticated strategies. 45% of respondents do not know if their supply chain is prepared to defend against and recover from an attack and only 30% of CISOs hold monthly or weekly board meetings on cybersecurity issues, the rest only review on a quarterly, annual or as-needed basis.

According to the survey conducted by EY, 78% of cybersecurity leaders in Latin America believe that COVID-19 gave them an opportunity to position themselves as strategic partners in the business through different strategies that transformed their approach, for example:

Mapping the cybersecurity strategy to the business and IT strategy

Applying appropriate levels of controls to protect business information

Establishing appropriate communication channels for feedback and continuous improvement of the cybersecurity model.

Performance reporting mechanisms

Today more than ever, the profiles of cybersecurity executives need to be more strategic, with more and better knowledge, staying at the forefront to meet the challenges currently faced by organizations.