In this rapidly evolving digitally driven economy, as enterprises are accelerating their efforts to transform their businesses fundamental changes are being forced on their infrastructure and cybersecurity processes.
Corporate executives are increasingly aware of the impact of cyber threats to their financial, employee, and customer data along with their intellectual property and overall company reputation. They recognize that the security plans in place to protect their traditional business are no longer adequate in a digital domain.
Digital business initiatives requiring new technologies are challenging enterprise cybersecurity teams and increasing the demand for capital investment in enterprise wide security protocols. Operations teams are identifying new vulnerabilities for security breaches, increasing the priority for security patches and updates, increasing the involvement of business leaders in security discussions, and accelerating training and awareness programs on all aspects of the business as part of an overall cybersecurity action plan.
Executive leadership teams and Boards must embrace the need for a strong cybersecurity strategy and agree to the ongoing funding requirements. The strategy is imperative but has to be backed by a solid business model and operating plan in which security is imbedded in the culture from the top down. The old adage, “pay me now or pay me later”, is a great way to think about investing in a secure enterprise versus repairing a damaged reputation in the market or worse.
According to Gartner, 99% of vulnerabilities exploited through 2020 will continue to be ones known by security and IT professionals for at least one year. This prediction is one of the top 10 emerging risks in cybersecurity. Risk can be mitigated by incorporating a cybersecurity strategy and execution plan into the business planning at the beginning; ensuring that the entire enterprise is part of the solution.
Three areas of focus to mitigate risks are:
1. Security professionals and business leaders work together to balance risks versus business requirements and create processes that allow for agility to respond to threats.
2. Prioritize the upgrading of skills and technology throughout the supply chain with a focus on detection and rapid response versus incident reporting.
3. Establish a governance model and business rhythm for ongoing security discussions that ensure cyber-security is a consideration in all business decisions.
Don’t be fooled that cybersecurity is not as important as great customer service, awesome products, and a strong executive team. In a cyber world data is king and therefore holds great value.