Written by Nick Galletto, Deloitte Global Cyber Risk Leader
Historically, cyber has been viewed as a preventative program – one that mitigates threats to existing technologies and infrastructure. However, as the corporate landscape and world becomes more connected, the importance of cyber has become unparalleled.
To put it into perspective, the cost of financing a cyberattack is only US$34, while the cost to the business affected is much greater, reaching upwards of millions of dollars. The financial implications can be staggering, yet businesses view cyber just as an IT issue. This has prevented organizations from realizing the untapped potential a robust cyber program can offer, halting the innovation it can enable to achieve business objectives.
It’s time business leaders view cyber as an enabler of business growth, which leads to endless possibilities and drives innovation. As highlighted and explored in a recently launched Deloitte Review article, “Cyber, cyber everywhere: Is your cyber strategy everywhere too?” this shift starts from within.
Rather than implementing cyber at the IT level to protect existing systems, businesses must explore ways to incorporate cyber at every level of an organization and across technologies.
While likely not the innovation strategy business is used to, incorporating cyber into broader, C-suite strategic initiatives will make it a priority and enabler of digital transformation programs, ultimately fostering innovation and leading to continued growth.
In a recent study, “2019 future of cyber survey”, Deloitte polled more than 500 C-level executives to understand the existing outlook toward cyber. The results were insightful, revealing that over 90% of respondents allocated less than 10% of their cyber budgets to digital transformation efforts. These include initiatives such as cloud migration, Artificial Intelligence (AI)-driven products and software-as-a-service (SaaS), which not only increase business efficiencies, but enable the implementation of next-generation capabilities into existing systems, forging new “connected” territories.
The survey results also show that there is still hesitancy around cyber. Even though “cybersecurity vulnerabilities” consistently rank as a top concern among business executives, this hesitation is stopping the pursuit of connected initiatives, such as AI-based programs, perpetuating a vicious cycle that is stifling progress and innovation.
The current cycle shows that businesses believe that pursuing connected technologies opens the door to new cyber vulnerabilities. Due to these potential threats, businesses then slow down innovation to implement more robust cyber programs, or often halt the process altogether to avoid any potential risks and cyber implications.
But this cycle must be broken or else businesses will fall behind, ultimately hurting growth and preventing innovation before it even starts. If leaders incorporate cyber into their strategy from the start, they can address these risks across the organization, making the pursuit of digitally connected technologies possible and shifting the cyber mindset from one of risk mitigation to innovation enablement.
Navigating a new “digitally connected” frontier
Businesses need to explore new ways to restructure and redesign internal strategies and systems with cyber at the forefront. Digital transformation initiatives must be at the cornerstone of any growth strategy, which by default must include cyber. With the proliferation of connected technologies across entire businesses, cyber initiatives reduce technologies and systems risk, but also reduce risk associated with errors and omissions caused by people.
Examples of how cyber has permeated the corporate and business landscape are endless.
There is no industry or type of organization exempt from the cyber revolution. From financial institutions managing personal customer information to healthcare systems implementing smart technologies into patient care, organizations of all kinds must make cyber a priority to protect itself and its customers, differentiate from the competition and keep up with the pace of technology.
With this in mind, cyber can no longer be siloed within IT. It has spread into Operational Technology (OT), demanding the need for integration across departments. The most effective way to implement cyber across multiple business functions is to make cyber a C-suite priority and responsibility. This will help weave cyber into the fabric of a company’s overall strategy and encourage cross-functional collaboration.
The organizations that embed cyber everywhere are the ones that will lead the charge in successfully implementing advanced technologies across every facet of their business. These companies will be the vanguard of innovation and digital transformation.
The path forward
The picture is clear: viewing cyber as a core C-suite priority and as a driver for innovation and growth, businesses will excel. By only examining the incidents cyber can prevent, businesses are preventing themselves from tapping into their full potential, strangling innovation and slowing must-needed digital transformation efforts to a snail’s pace.
Incorporating cyber as a cross-functional collaborative priority makes the pursuit and implementation of next-generation technologies possible. It opens the door for trial and error; ultimately driving innovation and helping businesses grow by staying ahead of the ever-changing connectivity curve. The time is now to drop the cyber stigma and take full advantage of its endless possibilities.
Nick Galletto, Deloitte’s Global Cyber Risk Leader wrote this article. Nick has over 30 years of experience in information technology, networking, systems management and information security management. He has accumulated extensive experience in the management, design, development and implementation of cyber risk management programs.
Nick has worked with executive leaders in helping them understand and implement cyber risk strategies as a business enabler. Over the last several years Nick’s primary focus has been helping clients with the development and implementation of cyber risk management solutions both for IT and OT, making their organizations cyber resilient by proactively protecting, detecting, responding and recovering from cyber events.