Balancing innovation and security in digital transformation
By Stuart Reed
Businesses everywhere are undergoing digital transformation. Widespread adoption of mobile and cloud platforms, along with recent advances in technologies such as AI, blockchain and quantum computing are reshaping how we work. But the increased opportunities these developments represent are accompanied by a growing number of threats to our security.
In an ever more connected world, with ever more sophisticated technology, the threat landscape is only set to become more complex and potentially harmful. A greater exposure to digital technology means a greater exposure to system vulnerabilities, for example, while the tools used by businesses to innovate and improve their efficiencies are also being used by criminals.
To learn more about the intersection between innovation and security, Nominet recently surveyed more than 270 CISOs, CTOs and CIOs from the UK and US to gauge their thoughts on how risks regarding cyber security informed an organisation’s digital transformation strategy.
Addressing concerns early on
Every process of change brings with it an element of risk. When it came to their organisation’s digital transformation efforts, however, respondents to the survey saw cyber security as the single biggest risk (53 percent), far outweighing issues such as budget (41 percent) or the need for robust infrastructure management (40 percent).
Interestingly, this perception of inherent cyber security risk in transformation seems to have created a correlation between the number of cyber security events a company has faced and its progress in digital transformation. Businesses that have suffered a cyber attack in the past 12 months are half as likely to be implementing transformation strategies as those that have avoided security incidents (22 percent vs. 42 percent).
When asked what their greatest security concern with digital transformation was, a wide range of potential threats were cited. The most pressing of which – named by 60 percent of respondents – was the exposure of customer data; perhaps front of mind due to the recent introduction of the GDPR and the growing number of high-profile data breaches making the news on a regular basis. Regardless, digital transformation is clearly seen by many as being very much a high-risk undertaking. Indeed, 95 percent expressed some concern over threats to security, with two in five saying they were either ‘very’ or ‘extremely’ concerned.
Perhaps the connection between digital transformation and security fears exist because not all businesses are taking action to mitigate threats such as these at the earliest possible opportunity in their transformation projects. In fact, only around a third (34 percent) of organisations claimed to have considered the issue of cyber security during their transformation’s development phase. Many instead reported leaving it to either the pre-implementation (28 percent) or implementation stage (27 percent), with some putting it off until their transformation was underway (9 percent). Worryingly, a few even admitted to giving the issue of cyber security no thought whatsoever.
Facing a perception gap
In spite of this, an alarmingly high majority of respondents (82 percent) believed cyber security had been considered early enough in their digital transformation programme so as not to be an issue. For cyber defences to be truly effective, however, they should be considered from the very outset of a digital transformation programme. There’s clearly a perception gap, therefore, when it comes to the effectiveness of an organisation’s security measures.
Indeed, 86 percent of these companies had suffered a security breach in the past 12 months, despite highly rating the effectiveness of their security stack. What’s more, many respondents admitted that important stakeholders including customers, partners, and industry bodies had actually questioned the robustness of their security stack.
It’s not all doom and gloom, though. Organisations are turning to third-parties for guidance on how to enhance their security posture, with many seeking advice on investment from sources as varied as vendors, consultancies, analysts and outsourced cyber security providers and data loss prevention services.
This approach should be encouraged. In fact, it’s something that digital transformation enables, helping organisations collaborate more easily with external partners, adding more value to in-house teams, improving their capabilities, and creating an environment more secure than could be achieved by an organisation working on its own.
Don’t risk doing nothing
Advances in digital technology will continue to unlock a wealth of new services, industries and business models. With change, however, comes a need for trust and digital transformation is built on a foundation of this of which cyber security is an important part. And with the enforcement of increasingly stringent regulations, ensuring secure digital transformation is as much of a legal matter as it is practical.
Commercially, there’s clearly a lot at stake. But while there is a perceived risk associated with digital transformation, organisations must weigh this against the greater risk of doing nothing and losing their competitive edge, as well as the opportunity of maturing their cyber security protection as part of the digital transformation process.
To reap the rewards, without the risk, strategic thinking around security will be needed from the outset. Not only must a transformation programme drive revenue or increase efficiency, but it must also be secure and increase trust in the business. Fortunately, this is not something an organisation needs to face alone.
A thriving outsourcing market, and developments in security technologies such as cyber intelligence found within DNS traffic, as well as APIs and cloud platforms, mean businesses have access to expert advice and state-of-the-art capabilities. If cybersecurity is considered at the start, digital transformation can actually improve a company’s security posture and not detract from it.