EY’s Puneet Kukreja discusses his role as UK and Ireland cyber leader as well as his thoughts on digital transformation, sustainability data and cyber talent shortages.
Puneet Kukreja is the UK and Ireland cyber leader at EY.
With more than 20 years of experience primarily in the banking, insurance and health sectors, Kukreja’s mission is to lead successful digital and cyber transformation programs that protect client investments and build organisational trust.
He has worked with multiple global organisations in countries from the UK to China and has also spoken at various international conferences.
He began his current role at EY Ireland last year and currently manages a team of more than 250 partners, directors and cyber experts across Ireland and the UK. In May of this year, Kukreja worked with EY Ireland to launch a new Managed Cyber Security Operations Centre to help SMEs and other businesses defend against cybersecurity threats and reduce cost barriers.
“Our collective focus is dedicated to serving our clients and addressing their specific needs, ensuring their cybersecurity concerns are met with precision and excellence.”
‘Achieving organisational resilience via digital transformation is paramount’
What are some of the biggest challenges you’re facing in the current IT landscape and how are you addressing them?
Today’s CISOs [chief information security officers] are not just technical experts; they are versatile leaders who must wear multiple hats to combat the constant threat of organisational compromise. While technical expertise remains crucial, a more diverse skillset is essential, including effective communication and broader business acumen. This broader skillset enables them to influence decision-makers at the board level. Continuous investment and budgetary support are vital in an ever-changing threat landscape to safeguard against cyberthreats and uphold trust and the company’s reputation.
In today’s digital landscape, CIOs [chief information officers], CISOs and CTOs [chief technology officers] face a significant challenge – the scarcity of available, skilled talent. As the cyberthreat landscape evolves, the demand for trained professionals has reached unprecedented levels, putting immense pressure on technology leaders. Traditionally, organisations have followed closed-loop thinking regarding the source of expertise.
Given the ever-evolving threat landscape, it’s crucial for CIOs, CTOs, and CISOs to seek partnerships that can effectively address resource and talent shortages. Collaborating with a team specialising in cyber advisory, cyber engineering and managed SOC [security operations centre] services presents a cost-efficient solution. This approach enables the freeing up of technical personnel to optimise high-value technology initiatives, allowing leadership to center its efforts on strategic decision-making.
At EY, we’ve restructured our cyber offering with a focus on the current needs of CIOs, CISOs and CTOs. We’ve brought together a team of highly skilled cyber experts and specialist engineers specialising in cloud, network, infrastructure, data and security. This team operates a managed SOC and serves as a comprehensive solution for detecting, investigating and responding to our clients’ security requirements.
What are your thoughts on digital transformation in a broad sense within your industry?
The term ‘digital transformation’ is frequently used but not always well-understood. It encompasses a spectrum of changes, from creating new websites and mobile apps for some, to fundamentally altering how customers engage with an organisation, particularly when a business shifts from a high-touch to a low-touch, more personalised model. In essence, I view digital transformation as an improved approach to conducting business. It involves extending reach, enriching and broadening core services, all while prioritising security by design.
Achieving organisational resilience via digital transformation is paramount. A mismanaged digital transformation not only harms reputation but can also result in regulatory complications.
Sustainability has become a key objective for businesses in recent years. What are your thoughts on how this can be addressed from an IT perspective?
When we delve into ESG (environmental, social and governance) factors, the common focus centers on environmental performance and progress in sustainability indices. However, from a cybersecurity standpoint, ESG entails a critical conversation.
It revolves around the necessity of implementing a robust cyber strategy to ensure the security and preservation of an organisation’s trustworthiness, often referred to as its “trust index”.
To put it plainly, this involves guaranteeing the reliability of data. Just as financial reporting requires secure and resilient measures to prevent third-party compromise, sustainability data carries a similar weight. The security, resilience and safeguarding of sustainability data stand as top priorities. Protecting the accuracy and transparency of an organisation’s sustainability data has a substantial impact on trust and reputation, which, in turn, plays a pivotal role in predicting long-term success.
‘Today’s CISOs are not just technical experts; they are versatile leaders’
What big tech trends do you believe are changing the world and your industry specifically?
No tech-trend conversation happens today without the mention or inclusion of AI, particularly generative AI and large language models, and their potential. Personally, I find it truly exciting that AI can now streamline many of the routine, time-consuming tasks. This advancement provides organisations the ability to retain their knowledge and talent while opening new avenues for cross-training and upskilling.
Within the realm of cybersecurity, AI assumes a pivotal role in optimising system efficiencies. This optimisation empowers organisations to allocate their resources towards more advanced threat protection, harnessing cutting-edge technologies like Microsoft Copilot within the framework of EY’s managed SOC services.
The integration of AI into cybersecurity operations significantly enhances operational efficiencies through the automation of threat detection, response and mitigation processes, ultimately enabling organisations to respond to threats with greater speed and effectiveness.
What are your thoughts on how we can address the security challenges currently facing your industry?
From a cybersecurity perspective, organisations, regardless of their size, grapple with three foundational inquiries. Firstly, there’s the matter of cyber hygiene: Are we regularly implementing essential security patching, and undertaking threat and vulnerability management practices? Is the company consistently updating and monitoring its systems, and do we have a comprehensive incident response plan in place?
Once we establish a robust foundation of cyber hygiene, the subsequent focus centers on the sufficiency of our defenses, “are we secure, are we secure enough?”. This involves identifying critical services with potential business impact. For instance, a bank might ask, “Are our ATM and online services operating without interruption, and what measures guarantee their continuous functionality?”
Lastly, the talent and skills aspect come into play where we are continuously asking ourselves, do we possess the requisite expertise internally or should we explore external sourcing? “Will we buy it or source it”. These three questions collectively shape the cybersecurity considerations for organisations.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.