Cybersecurityconsiderations2024Technology

innovations

demandstrategic

pragmatism.KPMG

International/cyberconsiderationsMeetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024ForewordForewordAs

2024unfolds,organizationalleaders,fromtheCEOdown,havemuchontheirplates.Theyarecontendingwithdiversechallengesaroundachievingsustainedgrowth,navigatingtheimpactandrisksofemergingtechnology,andattractingandretainingtalent,to

namejustafew.

Fortheirpart,

ChiefInformationSecurityOf?cers

(CISOs)areincreasinglybeingviewedasproactiveco-stewardsoftheseongoingbusinessimperatives—notmerelythecavalryleaderridinginto

savethedayduringacrisis.ThisevolvingthreatlandscaperequiresorganizationsandtheirCISOsto

viewsecuritythroughanew,

morepragmaticlens.Morethaneverbefore,theymustbalancedatasecurityandprivacywiththebroaderobjectivesofthebusiness.Fromacybersecurityperspective,theimpactsofsocietal,economic,political,andregulatorydevelopmentsaremoreconsistentlyfeltgloballytoday.Thesimplereasonistheworldismoreconnected.Themostacuteeffectoftheconnectedbusinessecosystemcontinuesto

bewithinglobalsupplychains—forallpracticalpurposes,therearevirtuallynoregionsoftheworldthatareisolatedanymore.InourannualCybersecurityconsiderationsreport,adiversecross-sectionofglobalKPMG

cybersecurityspecialistsexploreseightconsiderationsthatCISOsandtheirteamsareencouragedto

prioritizeinthecomingyearto

supporttheorganization’sbusinessgrowthobjectivesbymitigatingtheimpactofspeci?ccyberincidentsandreducingoverallcyberriskexposure.However,thereremainlocalnuances.Forexample,thereareregulatoryrequirementsto

whichbusinessesmustadherethatremainuniquelyregional,suchascertainmarketsbeingmoresensitiveto

theprotectionofpersonaldataandnewrulesaroundresponsibleAI,

criticalinfrastructureandsupplychains.Organizationsworldwidefacemanycybersecuritychallengesrequiringtheimplementationofcontrolsto

buildandembedresilience,meetregulatorymandates,andreduceoverallrisk.However,therapidemergenceofarti?cialintelligence(AI)

asastrategictoolforbothlegitimateandnefariouspurposesisrapidlymovingupthelist.ThedemocratizationofAI

—theseadvancedtechnologysolutionsandmodelsarenowlargelyaccessibleto

anyonewithacreditcardviathecloud—hasatoncerevealednewpathsto

valuecreationandexposedsigni?cantpotentialrisks.AI

isprovingto

beatrueorganizationalgame-changer,includingforsecurityteams.There’saglobalfocuswithinthecybersecurityuniverseoncomplianceingeneral,withare?nedeyetowardtheoverallburdenofregulation,aswellasthediversityofvariousreportingrequirements.As

aresult,companiesareputtingmoreemphasisonembeddingprivacyandsecuritywithinthewaytheycomplywithabroadrangeoftrans-borderregulatoryrequirementsandregimes.Thisisofparticularinterestwhenitcomesto

buildingandgoverningresponsibleAI

systems,ensuringcustomerprivacy,andenactingguidelinesaroundcriticalinfrastructure,supplychains,smartproducts,andresilience.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20242Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Atthesametime,cybersecuritybudgetsmayhaveto

bemoreobjectivelyjusti?edmovingforwardasorganizationsdealwitheconomicuncertainty.ManyCISOsareseeing?atbudgets,notnecessarilyreduced,assomeofthatspendisdivertedto

organizationalinnovation,particularlyAI

andautomationsolutions.Thisnoteworthydevelopmentrequiressecurityteamsto

engageintechnologyrationalizationandbudgetoptimization—essentially,doingmorewithless.Fundamentally,thisreportexploresfromvariousangleswhatisperhapsthecentralaspirationforexecutivesacrosstheenterprise:keepingtheirorganizationsresilient.Bottomline,ifadataleakornetworkbreachoccurs,howquicklycantheorganizationresumeregularoperations,andhowcantheimpactoncustomersbeminimized?Thisisemblematicoftheresilienceagendathatcanbeseenwithinmanyofthemostrecentlyproposedregulations,particularlythosefocusingoncriticalinfrastructuresectors.Inmanycases,theemphasisisnowonresponseandrecovery,aswellasmitigatingharmto

customers.Thisisadifferentlensthroughwhichto

viewsecurityrelativeto

thetraditionalperspective.Whileeconomicheadwindsdrivebudgetpressures,thereisagrowingviewthatcybersecurityhasmaturedto

thepointthatorganizationscantriminvestment.Further,securityfunctionalityisnowembeddedwithinotherITandtransformationbudgetsratherthanbeingacentralbudgetprovision.Also,theshiftto

acloud-based

security-as-a-service

approachembedssecuritycostsintocompanies’broaderoperatingexpensesinawaywehaven’tseenpreviously.Cybersecuritymustbeviewedasanever-evolvingongoingendeavor.Themoreorganizationsacceptcyberincidentsasinevitableyetmanageable,thebettertheirchancesofachievingthatbalancebetweenpreparationandresilience.Inthisenvironment,IencourageCISOsto

sharpentheircyberriskquanti?cation(CRQ)process,whichhelpsexpresstheimpactofcybersecurityriskin?nancialtermsusingmathematicalmodelingto

illustrateriskthroughmeasurablevariables.1LookingatriskthroughaCRQlenscaneffectivelyAkhilesh

Tutejademonstratereturnoninvestmentandinvestmentprioritiesto

leadershipandtheBoard,ensuringtheorganizationunderstandsthethreatfrombothtechnologyand?nancialperspectives.GlobalCyberSecurityLeaderKPMGInternational1Forrester,

TheCyberRiskQuanti?cationLandscape,Q42022,November29,2022.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20243Eight

key

cybersecurity

considerations

for

2024Click

oneach

considerationtolearnmore.Meet

customer

expectations,Embed

cybersecurity

andimprove

trustprivacy,

for

good010204With

cyberthreatsanddata

privacyconcernsgrowing,CISOsshouldbeseekingtoworkcloselywithstakeholdersacrosstheorganizationtomaintain

trust

byensuringoperationsareresilientintheeventofanincident.The

actofembeddingsecurity

acrosstheorganizationshouldbeviewed

asanexerciseindrivingoperationalexcellence.Navigate

blurring

globalModernize

supply

chain

security03

boundariesDespitethechallenges

andcompetingpriorities,ensuringthesupplierandpartnerecosystem

issecureshouldnotbeabottleneck;

itshouldbea

businessenabler.A

centralconsiderationthatorganizationsshouldexamine

how

tomosteffectivelynavigate

theincreasinglycomplex

globalbusinesslandscapetoensureresilienceandbusinesscontinuity.Unlock

the

potential

ofAI

—

carefullySupercharge

security

with06

automation0507Securityandprivacyleadersshouldbesupportingthebusinessobjectivesrelianton

AIanddeterminehowtoharnessthisgame-changingtechnologyeffectivelyandresponsibly.As

operatingmodelsdigitize,

securityteamsshouldautomateandupgradetheirprocessestokeep

pace.Align

cybersecurity

withorganizational

resilienceMake

identity

individual,

notinstitutional08Organizationsshouldfinda

waytocreatea

broad-rangingcultureof

resilientsecuritythroughouttheenterprise

andseektoensureallstakeholdersareon

thesamepage.Driven

by

expanding

businessmodels,it’svital

thatorganizationsnow

view

identitynotinisolationbutfroma

broadperspective.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20244Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Consideration

1Meet

customerexpectations,improve

trustIncreasing

trust

should

be

high

on

the

cyberagenda

in

relation

to

how

video

and

audio?les

are

used

in

the

creation

of

deepfakes,

theimpact

of

which

can

be

grave

for

privacy

andperhaps

even

democracy.Mika

LaaksonenPartnerGlobalCyberSecurityESGLeaderKPMGinFinlandConsumers,employees,suppliers—everycorporatestakeholder—expectbusinessestopursuegrowthandpro?ts.Butincreasingly,companiesareexpectedtooperateinasociallyresponsiblemanner,

aswell.Organizationsshouldstrengthentheconnectionbetweensecurityandprivacyandenvironmental,social,andgovernance(ESG)factors.

Thisbondisbeingincreasinglyrecognizedacrossthebusinessecosystem,particularlyby

ESGratingservicesastheysearch

for

greatertransparencyinmeasuringandcomparingorganizations.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20245Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Indeed,

roughly

two-thirds

ofconsumers

will

pay

moreforsustainable

products,

although

two-thirds

of

retailexecutives

are

skepticalthat

theyactually

will

pay

more.However,while

consumers

may

be

okay

with

payingextra

for

security,privacy

and

social

responsibility,thesefactorsare,forthemoment,“tablestakes,”

thecostofdoingbusiness,althoughtheyarelikelyto

hitthebottomlinesoonerratherthanlater.The

importance

of

ESG

and

how

security

improvelaborpolicies,andensureworkplacediversityand

privacy

fit

into

the

bigger

pictureandequality,to

namejustafew

items.4Addressingcybersecurityandprivacyspeci?callyandESGbroadlyhavebecometopcorporateand,byextension,CISO,priorities.TherearedifferentAccordingto

theKPMG

2023

CEOOutlook,69

percentofCEOshaveembeddedESGintotheirbusinessasregulationsforspeci?cregionsandindustries,andameansofcreatingvalue,and50

percentanticipatethoseguidelinesneedto

engendertrust.Thisissigni?cantreturnsfromthoseeffortsoverthenextimportantfromacomplianceperspectivebutalsothreeto

?veyears.Incasesinvolvingprivateequityorventurecapital,theethicallensthroughwhichthese?rmsviewtheirinvestmentsisworthnoting.Manynowlookforassurancesoftheappropriatelevelofcybersecurityandprivacymanagement.Ultimately,they'reconcernedaboutthebranddamagecybereventscanbringto

theorganizationswheretheyinfusefunds.noteworthybecauseB2BcustomersandB2CWhileenvironmentalaspectsoftheESGagendahavegarneredthemostattention,governanceelementssuchascybersecurityandprivacyarelesswell-developed.Withcyberthreatsanddataprivacyconcernsgrowing,CISOsneedto

workcloselywiththeirESGcounterpartsto

ensurethat,intheeventofanincident,operationsareresilientandcontinuityplansarereadyforactivation.consumershavediscreteexpectationsdirectlyimpactedbythevariousrules.Individualconsumerscanpurchasealternativeproductsorservicesifthey'renothappywiththeprovider’sactionsregardingtheirpersonaldata,privacyandresponseto

breaches.Infact,82

percentpreferabrand’svaluesto

alignwiththeirown,and75percentsaidtheywouldabandonabrandoveraByembeddingcyberandprivacyconsiderationsintosocialresponsibilityprogramsandprotectingcustomerdata,organizationscanincreasethechancesofmaintainingtheirreputationsandtrustamongcustomers,evenintheeventofamajorbreach.con?ictinvalues.

Givenachoice,mostconsumers2prefercompaniesthatprioritizesecurity,privacy,andsustainabilitybyadheringto

ESGstandards.Increasingly,

there's

a

big

role

for

cyberto

play

regarding

AI

and

data

ethics.Determining

that

the

data

used

to

train

AIalgorithms

is

accurate,hasn’t

been

corrupted,and

is

free

from

bias

is

a

herculean

and,perhaps

ultimately,

impossible

task,but

wellworth

the

effort.ThisisespeciallytrueontheB2Bside,wherecorporatecustomersvaluesafeguardingtheircon?dentialdataandintellectualproperty.Moreandmoreindustrieshaveregulatoryrequirementsforcybersecurityanddataprivacy,andorganizationsthatcomplywiththeseForconsumerswhosharepersonalinformationwithpublicandprivateserviceproviders,thereisanexpectationthattheirdatawillbeprotectedandthatitwillnotbeusedforpurposesotherthanwhatthey’vesupplieditfor.regulationsarepreferredbystakeholders.

Formany3organizationsoperatinginB2Bindustries,thisismorethana“nice

to

have,”

withregulatoryobligations?owingdirectlyfrom?rmsinregulatedindustriestotheirsuppliers,whocouldbetarnishedbyassociationifthebrandexperiencesasigni?cantcyberevent.Atthesametime,there’s

anexpectationthat,inthepursuitoftheirbusinessobjectives,organizationswillactinasociallyresponsiblemannerto

reducetheircarbonfootprint,supporttheirlocalcommunities,Caroline

RivettPartnerGlobalCyberSecurityLife

SciencesLeaderKPMGintheUK234Google

Cloud,

“New

research

shows

consumers

more

interested

in

brands’

values

than

ever,”

April

27,

2022.KPMG,

Cybersecurity

in

ESG,

2023.First

Insight/Wharton

School

of

the

University

of

Pennsylvania,

“The

Sustainability

Disconnect

Between

Consumers

and

Retail

Executives,”

January

2022.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20246Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024The

social

benefits

of

actively

embedding

proliferatingdigitalcommunicationschannels.cybersecurity

into

the

ESG

agendafrictionless.

People

largely

don'tcare

untilsomething

badmaterializes,and

it

seemsasthough

they

want

theworkofsecurity

tohappen

“behind

the

curtain.”Privacycontrolscanalsoplayakey

roleinlimitingtheexploitationandmisuseofpersonalinformationwithoutconsentorknowledge.ThisisvitalinmaintainingtheA

big

part

of

theequation

is

demonstrating

tocustomersthat

cybersecurity

is

an

organizational

imperative

—

itsimply

istherightthing

todo.

Organizations

shouldapproach

thisas

though

they

aretrainingtheircustomersand

clients

tounderstand

and

care

about

theimplicationsofcyber

awarenessand

provethat

what

they'redoingisn’t

just

another

to-do

itembut

a

vital

service.The

scope

of

theESG

dialogue

needs

tobe

broadened

—at

manyorganizations,

it's

not

yet

common

tobe

talkingabout

cybersecurity

and

privacy

in

thecontextofESG.publictrustinorganizations.Many

decarbonization

and

CO

reduction

programs2relyon

digital

technologies

andautomated

systems

tomonitorand

manage

energy

production,

distribution,

andconsumption.

As

ef?cient

asthese

tools

can

be,theycan

also

create

unforeseencybersecurity

vulnerabilitiesand

requirea

high

level

ofdata

protection.Strategicallyembedding

cyber

can

helpmitigatethreats,

reduce

therisk

ofdata

breaches

and

ensureregulatory

compliance.Intoday’senvironment,therearedeepissueswiththesocialcontractbetweenorganizations,employeesandconsumersrelatingto

dataprotection.Increasingtrustshouldbehighonthecyberagendawhenitcomesto

howvideoandaudio?lesareusedinthecreationofdeepfakes—imagery,video,oraudiofeaturingaspeci?cindividualthatisreplacedwithanotherperson'sfaceorvoiceormanipulatedto

givetheimpressiontheindividualdidorsaidsomethingtheydidnot.Trainingpeople

outside

yourorganization

is

itself

anexercise

inESG

maintenance.Cybersecurity

AwarenessMonth

isanexample

of

how

governmentand

businessesworktogether

to

ensurethat

employees

and

consumersappreciate

the

basics

ofcybersecurity

to

avoidthe

mostobvious

risks.Finally,there's

asubstantialsocialresponsibilitydimensionto

bothcybersecurityandprivacywhereorganizationsshouldworkwithB2CandB2Bcustomersto

helpthembemorecyberaware.Banksdoitroutinely,andretailersaredoingitmoreandmore.There’salsoaconnectionto

supplychainandecosystemsecurity,whereimprovingthesecurityofthevendorecosystemiscritical.Deepfakesaredif?cultto

combatsince,inmanyinstances,it’supto

theaudienceto

interpretwhetherthevideooraudioisrealorfraudulent.Organizationsmustbevigilantaboutidentifyingandremovingthese?lesandshouldparticipateineducatingthebroaderpubliconthesubject.Increasingly,there's

abigroleforcyberto

playregardingAI

anddataethics.Determiningthatthedatausedto

trainAI

algorithmsisaccurate,hasn’tbeencorrupted,andisfreefrombiasisaherculeanand,perhapsultimately,impossibletask,butwellworththeeffort.There

is

no

such

thingas

100

percent

security.Despiteall

theprecautions,

incidents

do

happen.

In

the

event

ofacyber

incident,

makea

quick

decision

about

whether

youneed

todisclose

what

happened

and,

if

so,

howmuchinformation

you’reprepared

—

or

compelled

—

to

share.5Do

people

really

care

whether

a

business

It'svital

tobe

open

and

honest;

good

communication

canlead

customers

totrust

anorganization

even

morethanhas

a

cyber

incident

if

it’s

managed?theymay

have

beforethe

incident.Theoretically,most

people

would

probably

say

that

theydon't

wanta

company

whose

products

or

services

theyuse

tosuffer

a

data

breach.

But

those

same

people

don'twant

topay

moreand

wanttouchpoints

tobe

quick

andPrivacyandcybersecurityalsoplayvitalrolesinprotectingfreedomofspeechandsecuringtoday’s5KPMG

International,

“Maintaining

cyber

vigilance

and

staying

resilient,”

2023.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20247Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Learn

moreSuggested

actionsConnectwithyourorganization’s

ESGteamtodeterminewhethertheyconsidercyberakey

aspectoftheirmandate.Ifnot,worktobuildawarenessofhow

andwhy

it’s

importanttoallthreeareasofESG.Cybersecurity

in

ESGIt'stimetoviewESGandcybersecuritythroughthesamelens.Be

practical.Effective

cybersecurityisnotasmuch

aboutgettingbusinesspartnerstodothingsdifferentlyasit’s

aboutreframingtheconversationacrosstheenterprisetoinspireotherareasoftheorganizationtoinfusesecurityintowhattheyalreadydo.SharpenyourglobalregulatoryintelligencearoundcyberingeneralandESGandprivacyinparticulartoensuretimelycomplianceandreporting;keeptrack

ofandremainfamiliarwithever-increasingregulationsandtheireffects

onyourcyberefforts.KPMG

global

tech

report:

ESGHow

businessescanusetechnologyasanopportunitytotackletheirESGambitions.Road

to

readinessKPMGESG

AssuranceMaturityIndex2023.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20248Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Consideration

2Embedcybersecurityand

privacy,for

goodSecurity,fromtheCISOdownthroughtheirentireteam,isaverydifferent

roletoday.

Cyberisbecomingmoreembeddedincorebusinessprocesses.That

realityisbeingre?ectedinamoveaway

fromacentralizationofcybersecurityintheCISOroletoafederatedmodel,inwhich

theCISOistheconductoroftheorchestra,establishingtheframeworks,assessingrisk,andprovidingimplementationsupport.Securityisintegraltoeveryfunctionacrosstheorganization,fromfrontof?ce

toback,

andmanyleadersnow

acknowledgethevalueofintegratingasecuritymindsetintotheirverydifferent

businessculturesandprocesses.?

2024

Copyright

owned

by

one

or

more

of

the

KPMG

International

entities.

KPMG

International

entities

provide

no

services

to

clients.

All

rights

reserved.Cybersecurity

considerations

20249Meetcustomerexpectations,improve

trustAligncybersecuritywithorganizationalresilienceEmbedcybersecurityandprivacy,

for

goodNavigate

blurringglobalboundariesModernize

supplychain

securityUnlock

thepotentialof

AI—

carefullySupercharge

securitywithautomationMake

identity

individual,notinstitutionalCyber

strategiesfor

2024Business

models

and

technology

arechanging

and

impacting

securityThe

irony

is

it

doesn'ttaketheCISOto

dothat.Managingtheserisks

requiresa

cultural

shift

across

the

businesstoembracesecurity

as

part

of

theorganization’sstandardoperating

procedures.CISOsdon'tinstall

patches,

andthey

don'tmanageoperations.Security

teamsshoulddetermine

how

andwhereto

embedcertain

securitytasks

in

thebusinessand

monitor

thosetasks

to

ensurethey

arecarried

outproperly.This

ishow

we

seesecurityteams

evolving.Embeddingsecurityintobroaderbusinessshouldbeviewedasanexerciseindrivingoperationalexcellence.Securityteamsshoulddescribeanddemonstratewhat

“good”lookslikeandinspireembeddedsecurityprofessionalsacrosstheenterprisetomanagetowardthatvision.It’s

amatterofestablishingappropriateguardrailstoenableasecure-by-designapproachtobeembedded,andthenintegratingtherighttoolingandtemplatesintodevelopmentenvironments.Whetheryou

makea

widget,delivera

service,

orcreateinformation,operatingmodels

areincreasinglycloud-based,which,

inconcertwithothernew

technologies,

isbeingusedtoincreasescalability,reducecosts,generaterevenue,and

widen

pro?tmargins.Theautomotiveindustryisagoodexampleoftransformingbusinessmodels.Carstodayhave

becomehugetabletsonwheels.People

areorderingpizzafromtheroadandnoteven

usingthephone.Somuchtechnologyhasbeenaddedtogas-poweredcars,nottomentionelectricvehicles,thattheyhave

becomearguablythemostsophisticatedproductavailabletoretailconsumers.It's

going

tobeamatter

of

“insourcing”to

nudgesecurity

closertothe

customeroroutsourcingtoa

third-party

service

provider

toef?ciently

leverage

specializedskills

that

may

notexist

within

the

organization.Manyorganizations

struggle

with

the

idea

ofsecurity

asa

corecompe