Game of Threats helps CEOs realise a cyber winter is coming

12 Apr 2016

Cyber winter is coming, and for most business leaders it is a case of when and not if

Consulting giant PwC has taken to gamification with its own simulated Game of Threats to help business leaders understand that, when it comes to data breaches and attacks, it is a case of when and not if.

The digital game pits executives armed with iPads head-to-head as defender vs attacker and simulates what happens when a cybersecurity attack occurs and how firms need to respond.

Highly public breaches are becoming increasingly inevitable as the rate of cyberattacks continues to escalate.

However, explained PwC cybersecurity lead partner Pat Moran, board members of traditional organisations are shying away from the topic because of its complexity and don’t realise that, someday, they will have to take charge when an attack or breach occurs.

Simply put, Moran said IT security is no longer an IT room issue but a boardroom issue.

His views echo those of PwC partner-in-charge of cybersecurity Kris McConkey who said that CEOs and boards are now the fall guys rather than IT professionals.

The board member who signs the cheques should swing the sword


Playing the game: Leonard McAuliffe, director, PwC Cybersecurity practice; Daniel Muldoon, manager, PwC Cybersecurity practice, and Pat Moran, leader, PwC Cybersecurity practice.

Game of Threats, a global initiative by PwC, took place at the company’s Dublin offices earlier today (12 April), and simulated the speed and complexity of real-world cyber breaches to help businesses to better understand, resource and protect against attacks.

Using game theory, the game pits leadership teams against one another to help teach about different threats, identify reputational, financial and regulatory impacts and what can be done to prevent an attack.

“What we are finding from our experience in the marketplace is that clients are managing incidents very much within the IT organisation and it is taking a long time for messages to come from IT to the CEO or the board what is happening and how they are responding,” Moran explained.

“The key to what we are doing is helping non-IT people understand the nature of a threat, what it looks like and means for their organisation.

“Many C-suite and board members are reluctant and fearful of getting involved in this area because they lack knowledge or are afraid to ask a stupid question,” Moran concluded.

“The object is to change that, get them more involved in readiness and realise what calls need to be made when an incident happens, not if.”

Game of Thrones image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years