Digital transformation strategies can’t work without cybersecurity risk assessments

Posted: March 3rd 2015

In recent years CEOs across the financial services, retail and healthcare sectors have looked on with envy as start-ups have transformed market expectations through the use of new digital technologies. In response, many sought to implement their own digital transformation strategies across the enterprise, fearing they’d be the next Blockbuster if they didn’t adapt to their customers’ needs fast enough.

While this new digital culture – which embraces social, mobile, analytics, cloud and, increasingly, the internet of things – often increases the number of sales and online customers, it routinely fails to properly address the cybersecurity needs of the modern enterprise; an issue made evident each and every time a corporate ‘data breach’ story hits the headlines.

If those same executives want to realise the long-term benefits of a new digital culture, then they must first address their own cultural issues relating to cybersecurity.

A time for change

Although President Obama recently put cybersecurity on the agenda of Congress, historically, the issue has never been given sufficient time and attention by executives in boardrooms around the world.

In fact, while they’ve positively welcomed trends like ‘bring your own device’ (BYOD) and increased the powers of CIOs and CMOs, the levels of support and funding given to those responsible for cybersecurity pales in comparison.

However, with new legislation on the horizon and the huge costs of recent data breaches being spread across the business pages, CEOs must now assess the risks associated with a serious data breach, and embrace the crucial role cybersecurity plays in enabling digital transformation strategies.

Assessing the risk

Addressing cybersecurity threats and reducing information security risks is especially challenging because of the need to balance the protection of corporate data with the promotion and development of innovative technologies designed to improve business performance.

One effective strategy to address this issue is for those in charge of cybersecurity to take a holistic view of their entire business, assess what is ‘business-critical’ and then implement risk assessments and strict policies that must be adhered to at all levels.

Mapping out the security risks of the company in this way will enable organizations to assign access control parameters that work best for their individual business structure, keeping the gateways to certain information accessible only to those with the right permissions.

Protecting your digital defences

Any successful digital transformation will inflate the size and value of corporate data. Unfortunately this means the number of cyber-attacks will increase in frequency and sophistication – a fact that has been missed or ignored by many CEOs keen to jump on the digital bandwagon. However, strengthening cyber defences and locking down the gateways to the corporate network is both achievable and manageable.  With adaptive authentication, enterprises can define workable parameters for different employees, access requests and services within the same installation and under the same license, applying exactly the right level of authentication to any given scenario. Only then will corporate networks really begin to defend themselves appropriately in this hostile digital age.

Ultimately though, the c-suite must all recognise that cybersecurity risk assessments are an integral part of enterprise-wide digital transformation strategies.  And without them, any benefits CEOs hope to glean from new digital cultures and technologies will be short-lived, and will most likely result in an embarrassing corporate data breach.