CEOs, CIOs and CISOs are continually bombarded with messages promoting fear, uncertainty and doubt around cybersecurity, but as the pace of digital transformation accelerates they need answers not endless scare stories.
Company and business technology leaders want to know what good security looks like in the digital age and how to build in security from the very start of their digital transformation programmes. Some want to know if they can use enhanced security and trust as a market differentiator.
Global professional services giant Accenture surveyed more than 2,000 company and business technology leaders round the world about cybersecurity in the digital era and found they raised a series of key issues, including:
- Are we investing enough in security?
- Are we investing in the right things?
- How can we better protect our business?
The survey’s results are pulled together and analysed in Accenture’s High Performance Security Report, which looks at how organisations perceive cyber risks, the effectiveness of current security efforts and whether existing cybersecurity investment is adequate. The findings point to an apparent contradiction around enterprise cybersecurity, which the report suggests strategies for tackling.
Despite the questions raised by cybersecurity executives, some 82 percent of UK respondents reported confidence in their cybersecurity strategies and 74 percent said their organisation had completely embedded cybersecurity into their cultures. At the same time, the respondents reported security breaches and failures at levels that keep many security leaders awake at night and which are all too familiar to business and technology executives.
Faced with this, those charged with securing the enterprise have a choice, according to Kelly Bissell, Global Managing Director, Accenture Security: they can do more of the same or they can fundamentally reboot their organisation’s approaches to cybersecurity.
Around half those surveyed by Accenture would, given extra budget, spend it on more of the same things they are doing now. Only 28 percent would invest in mitigating financial losses and just 17 percent would invest in cybersecurity training, though the report argues that these are extremely effective ways of enhancing security. Click to see Infographic
Digital transformation can be the catalyst for a security rethink and reboot, says Bissell. “Organisations have the opportunity to build security into the design of all digital initiatives from the start, so it is an integral part of the solution and not a last minute or late ‘bolt-on’ to the process,” he argues.
“This will make the CISO and the cybersecurity team an integral part of the growth strategy for any business. They may not directly influence the rate or speed of growth, but they will start to give the business greater confidence to grow securely.”
A security reboot doesn’t just involve a focus on an organisation’s latest digital initiatives, it requires a new approach across the whole organisation. Accenture identifies six criteria from its survey that need attention, along with a number of suggested actions:
These approaches will allow organisations to improve their cybersecurity and give business leaders confidence they can grow and transform successfully and securely. However, they also raise key issues about strategy and sourcing.
In the digital world, few organisations do business on a standalone basis. What applies to business also applies to security. As the boundaries of the organisation become ever less clearly defined, few can, should or would want to continue with a go-it-alone security strategy.
Rather than continuing to adopt point solutions to address individual weaknesses in their security, organisations need to review security across their entire business, including their supply chain and their business ecosystem of partners and alliances.
Faced with these challenges, an increasingly attractive approach is to work with a security partner to help protect key elements of the business, help keep pace with the latest innovations and address skill shortages through the provision of managed security services.
If you are trying to embed security into the heart of your organisation’s digital transformation process and are endeavouring to rethink your organisation’s fundamental approach to cybersecurity, there is considerable food for thought in the Accenture report.
Certainly, the six key points it suggests are an excellent way to start the process and measure your progress.