Cybersecurity – an increasingly expensive business (if not done properly…)
It’s not just an IT problem – it’s a C-suite problem!
Over each of the next four years, the cost of a cybersecurity breach will increase 100 percent…each year, every year! Blame it on increasingly digitised environments and an Internet of Things that is fast creating a webbed infrastructure spanning multiple organisations, business services and data sources. The implications remain the same. It’s time to sit up and take action!
As the role of technology in corporate operations grows, security vulnerabilities – data theft, leakage of intellectual property, corporate sabotage, denial-of-service attacks – are increasing. The damage from attacks like these can affect a company’s profits, reputation, brand, and competitive position. The damage can even affect a company’s very viability, as direct costs for data breaches can reach well into the hundreds of millions of dollars. Cybersecurity should therefore be a major component of the overall risk management programme. Cybersecurity is not and should be seen simply as an IT problem. It’s a C-suite problem.
The challenges for implementing effective cybersecurity can be divided into four major areas:
- Companies have more digital assets than they did 10 years ago, and these assets are worth more than they were before. They include a customer’s personal, financial and transaction information; proprietary assets, including source code for products; automated business processes; sensitive communications. with suppliers and partners; and other data.
- Organisations are shifting to hybrid cloud architectures as they continue to adopt software, security and other solutions as services. Historically, digital assets were protected within a company’s data centre, where it was easier to safeguard the perimeter and manage user access, authorisation and authentication from known locations and devices. Today, corporate and customer data resides in an organisation’s own data centres as well as public and private clouds, often widely distributed across remote locations. While hybrid cloud architectures offer significant economic benefits, their adoption requires a more sophisticated approach to cybersecurity, including security management at the level of individual digital assets, and integrated monitoring and management capabilities across the hybrid cloud environment.
- Staff and executives are using own mobile devices for their activities. Corporate IT now has to manage the security of many more platforms and devices, some owned by the company, others that belong to employees who use them under bring-your-own-device (BYOD) plans.
- Finally, compliance remains the most important cybersecurity driver, especially for companies in regulated industries or with contractual obligations
To effectively address these challenges and drive a more effective cybersecurity policy, we have identified a series of key strategic as well as operational principles to validate against common best practice:
Organisations who want to close the Cybersecurity Threat Gap will take immediate action before the gap widens to a point where it can no longer be closed. Among the smart moves to make are:
- Adjusting the organisational chart. Broaden cybersecurity efforts from the chief information security officer to include the COO, CRO, CEO, and the board at large. Just as these stakeholders vet strategic business decisions, they should also assess threats and major investments that stand to compromise your business.
- Making cybersecurity a reported expectation on all projects. Ensure it is integrated into designs, architecture, user acceptance, processes and people from Day One.
- Broadening your scope. If you are not considering the expanded spectrum of emerging threats, your Threat Gap is a gaping chasm. An intelligence-based approach to cybersecurity is crucial. Barring prescience, a solid plan to gather intelligence and address threats from a growing number of sources is the best defense over time.
No cybersecurity effort is 100 percent effective. You can at least tip the odds in your favour by taking action now.