Cyber risk and security in the era of digital transformation

A person is typing on a laptop keyboard and is accessing files that contain critical and secure data

How is technology evolving life, societies and organizations and how does it impact digital transformation?

The role that technology plays in human life is becoming an increasingly urgent topic of discussion in today's society. Considering the nature and pace of technological change and how different it is now versus previous eras is enlightening. Looking back through the kaleidoscope of time to twenty years ago, the Internet, or World Wide Web1, was primitive and basically just for play. Companies like AOL, a web portal and online service provider, reigned supreme as the one-time mogul of media, the CD was king of recorded music2, Nokia just unveiled the world's first-ever monochromatic display cell phone3, and the cloud was only known as what people saw in the sky. Today, there are more than 4.1B Internet users, more than 1.8B websites, and more than 337B GB worth of Internet traffic this year alone4 - of which 52%5 was generated through mobile phones. And that's not all, according to Paul Daugherty, Chief Technology & Innovation Officer at Accenture, distributed ledgers, AI, extended reality, and quantum computing are the next big technology catalysts for change that are seeing adoption cases this year.

The advancements in technology that we are seeing are blisteringly fast compared to the past, which is evident as more and more data becomes available. As technology continues to adapt and evolve at a rate that seems to outpace our culture and institutions, organizations without cybersecurity considerations in their digital transformation strategies are at risk, as stagnancy leads to instability and uncertainty. As the drive towards digital transformation continues to ceaselessly gather momentum, this is an appropriate time for organizations to pause and reflect for a moment on their security strategies. For most of human history, the world didn't change all that much in a single lifetime. Clearly, that's no longer the case and rapidly advancing technology is the reason why.

How can cybersecurity ensure successful digital transformation?

The ability to digitally reimagine processes and functions is determined in large by a clear digital strategy supported by leaders of organizations who foster a culture to inspire change and reinvent the old. While transformation insights are consistent with prior technology evolutions, what is unique to digital transformation now is that taking risks is a cultural norm as more digitally advanced companies seek new avenues of competitive advantages. In today's technological climate, the confidence gleaned from a competitive advantage can be largely attributed to cybersecurity and data stewardship to make the most of the digital environment.

In the age of analytics and intelligence, competing in a data-driven world is difficult. It would not be an exaggeration to say that today's business environment has become hyper-competitive, and organizations that are not continuously reinventing their business with data at its core will inevitably fall off the tracks, watching from the sidelines while their market is disrupted. However, as burgeoning digital natives were built for analytics, legacy companies have to do the hard work of overhauling or changing existing systems. Redesigning to a stage of data-driven decision making is not always a simple proposition, especially when accounting for cybersecurity implications in tandem. Some companies have invested heavily in technology but have not yet changed their organizations to make the most of these investments. Many are struggling to develop the talent, business processes, and organizational muscle to capture real value from analytics and cybersecurity. This value, however, is not guaranteed.

As technology advances, so does the level of cyber risk that organizations must navigate. According to a Deloitte report, analysts estimate that cyber risk globally "could slow the pace of technological innovation by as much as USD $3 trillion in lost economic value in 2020."6 Organizational vulnerability to cyber threats can be reduced by developing a strong cybersecurity strategy, that is specific to the company, to manage cyber resilience with confidence. Investments in cybersecurity allow organizations to understand their level of cyber resilience based on critical business assets, their threat landscape, and the maturity of their cyber capabilities. Further, integrated dashboards allow organizations to monitor their level of cyber resilience and can be customized for an operational, managerial and executive audience. Effective implementation remedies organizational imbalance and presents a full picture of the cyber-protected enterprise by addressing security standards, policies and practices, increasing cooperation and information sharing, and enhancing collaboration between partners.

Overcoming paralysis by analysis when it comes to cyber risk and security

It is no secret that the financial costs of a cyber-attack could be large enough to cripple small and medium-sized businesses. In addition to the obvious negative financial implications, brand equity is equally decimated when consumers view their privacy as being violated, altering consumer trust and long-term brand reputation. The number of data breaches reported by UK financial services firms to the Financial Conduct Authority (FCA) increased 480% in 2018 to 145, up from just 25 in 20177. Organizations are struggling to keep up with the cybercriminal community. Digital transformation; including cloud adoption, SD-WAN, and IoT (Internet of Things as well as adoption of other emerging tech, is creating and expanding new and sometimes unexpected means of attack.

According to Forbes, enterprises who are prioritizing cybersecurity are creating a formidable competitive advantage over peers, as the typical U.S.-based enterprise will lose on average of $7.91M from a breach8, nearly double the global average of $3.68M according to IBM's 2018 Data Breach Study9. Digital natives are becoming increasingly more and more comfortable with technology, and are giving away more personal data than ever, despite growing risks and consequences. An Experian study revealed that 70% of consumers globally "are willing to share more personal data with the organizations they interact with online, particularly when they see a benefit."10 Another survey conducted by the Center for Data Innovation came to a similar conclusion, finding 58% of consumers are "willing to share their most sensitive personal data" (i.e., biometric, medical and/or location data) in return for using apps and services11. Consumers are putting trust in organizations to manage and protect their private data securely, and organizations in turn must become well-equipped with a cybersecurity strategy to do so. The prevalent challenge and necessity to overcome and prepare for cyberthreats is to incorporate security into a core strategic vision. The next step is to develop the right business processes and building capabilities, including both data infrastructure and talent. It is not enough simply to layer powerful technology systems on top of existing business operations. All of these aspects of transformation need to come together to realize the full potential of cybersecurity.

Embedding cybersecurity into digital transformation

It is highly important for organizations to make security the starting point, and not an afterthought. Despite the abundance of data breaches across the globe, security remains an afterthought for a vast majority of digital transformation activities undergone by current businesses such as; mobility, cloud services, and customer experience programs. Security is unfortunately seen as slowing down a project, rather than enabling its success. Understandably, however, with time pressure to get a project up and running, the lack of sensible security considerations is a problem for organizations striving for true cyber resilience and vigilance.

As apparent across today's digitized climate, with the increasing frequency and publicity of cyber-attacks getting grander and more complex, businesses must realize that their customers are more aware of cyber issues than ever before. Embedding a cybersecurity strategy at this point in time is a critical competitive advantage. According to a survey of IT and Security professionals, only 18% of organizations agreed that their security team had been involved in all their digital transformation projects, and 76% agreed that security considerations were added too late in the project, ultimately resulting in projects being delayed due to being retrofitted after key decisions had been made.12 In the same survey, 85% of respondents agreed that the security team could have done a better job if they had been included earlier in the project. The key challenge and overall objective for the security team is to reassure the organization that their IT infrastructure is secure and resilient. However, it is important for organizations today to understand that no digital transformation project should ever start without understanding its security implications.

Organizations who can harness these capabilities effectively will be able to create significant value and differentiate themselves, while others will find themselves increasingly at a disadvantage. More than ever, we are all heavily relying on the emerging digital economy. And as our organizations, government agencies, and critical infrastructures move to this ever-evolving digital model, a major security event could have catastrophic consequences for all of us. It is also important to remember that cybersecurity events do not care about political, social, or economic borders. When an infrastructure or economic system is brought down and compromised, everyone suffers.