A PwC study last year revealed that about 62% of global CEO’s worry cyber threats will affect their company’s growth prospects. As a result, it is not surprising that potential cyber security risks will pressure CIO’s at companies to increase IoT security spending by up to 25%, temporarily neutralising business productivity gains.
For industrial organisations undergoing digital transformation, security risk goes well beyond a sole connected object or database. The whole extended digital enterprise becomes implicated, including the supply chain and partner ecosystem. Indeed, cyber security is a critical business issue now, but many CIO’s are still not treating it as such. According to Gartner, as few as 30% of organisations take cross-organisation steps to drive a business-led approach to digital risk. It’s time to rethink cyber security as a strategic business priority and not just an IT decision.
A continuous battle
Cyber security is a continuous, always-on, proactive activity – not a task or a single point in a process. As such, it calls for a holistic strategy including people, processes, and technologies that integrate security at every level, instead of downstream, which is often too late. The NIST framework is an incredibly useful reference for building an end-to-end digital risk strategy, as it defines multiple layers of defence, from the identification of risks to ecosystem-wide, fast recovery from incidents.
Regarding security only as a matter of building a defence only creates barriers and slows progress. But if you think of cyber security as spanning all facets of your organisation, you can take a proactive approach and drive digital innovation as an intrinsic part of your security framework.
Everyone is at risk
In a digital world, no company can become a castle. Every organisation is exposed to the threat of cyber attacks in the age of the rapid convergence of IT/OT. And at this convergence, the technology aspect of cyber security only partially addresses the issue of ongoing cyber threats. Organisation-wide changes, processes, and employee training must inform and bolster any company’s cyber security stance.
The strategy must be an ongoing business conversation for every company engaged in digital transformation, and the chief security officer must have a regular seat at the table. Digital innovation depends on it.