Building Pervasive Cyber Resilience Now
Companies are racing into the digital future—adopting technology-enabled operating and business models that drive bottom- and top-line growth. But they are not prepared for the new cyber risks that come with the connected, data-driven future enterprise. To be cyber resilient, companies need to infuse security into everything they do—and every new thing they are preparing to do.
We asked 1,400 C-suite executives, including Chief Information Security Officers (CISOs), how they prioritize security in new business initiatives, whether their security plans address future business needs, what security capabilities they have, and their level of internal and external collaboration on security.
With digital comes risk
Future business relies upon constant, intimate digital connections with suppliers, partners, and customers to stay relevant and competitive. It uses intelligent technologies and big data in all facets of business operations—from C-suite decision making to crafting custom offers for internet shoppers in pursuit of profitable growth.
But the connected, intelligent and autonomous enterprise comes with additional cyber risk. All that sensitive data, connectivity and automation multiplies the opportunities for hackers by expanding the “surface area” exposed to cyber attack. And, because digital systems are so embedded in daily operations, the potential damage from even a single security incident is magnified.
The enterprise is changing
The future enterprise is leaner, faster and more agile. Business processes are streamlined, digitized and automated. This data-driven, real-time action creates more risks from:
- Connectivity—the internal digital networks that run daily operations and the internet connections that link the company to an ever-expanding universe of suppliers, partners, customers and, increasingly, with a virtual workforce
- The “intelligent” corporation—employs voluminous and complex data sets and advanced technologies to guide decision making and discover new opportunities
- Autonomous machines and processes—from robots to self-driving warehouse equipment to computer systems that automatically carry out work with outsiders
A need to secure the future
To manage risks, companies need to build pervasive cyber resilience—weaving cyber protection into everything they do today and plan to do in future. This means breaking security out of its silo and dispersing cyber expertise and responsibility throughout business units and functions. It means inviting the CISO to bring the cybersecurity perspective to the table when business strategy is being decided. Today, most CISOs are not consulted until after the company has decided to launch a new business, if at all.
Five ways to build cyber resilience
- Make your business leaders Resilience Leaders—by including the security team in strategy sessions and extending expertise and accountability for cybersecurity to the front-line of the business.
- Support the security leader as a trusted business enabler—by helping the CISO to be more “business-savvy,” and creating new security roles within business units to bridge the gap between security and the business.
- Make employees part of the solution—by ensuring all employees are trained in the basics and engaged to act as advocates for cybersecurity, and potentially using technology to track suspicious behaviors.
- Be an advocate for protecting customers—by educating customers about how to protect themselves while securing consumer data to meet new regulation (such as the EU General Data Protection Regulation).
- Think beyond your enterprise to your ecosystem—by collaborating with partners, suppliers and other third parties to share cybersecurity knowledge, products and services.
We’re not building adequate protections for the risks created by the connected, intelligent and autonomous systems of the future business.
Winning the war
Corporate security experts have made great progress in the war against cybercrime. But winning the next war will require both new strategies and new weapons. Top leaders can ensure the success of the connected, intelligent, autonomous business by making sure that security is a core competency across the organization. If they do this, companies will not only keep the enemy at bay, they will also build trust with customers and partners and develop the bulletproof business processes that will make them stronger competitors. With pervasive cyber resilience, the future business can grow with confidence.