There is no reward without risk—and this, in a world where digital technology is vital to all aspects of business, is especially true of cyber risk.
I want to invite readers to take a new view of risk—specifically, of cyber risk, the theme of this issue of Deloitte Review. Much, of course, has been written about the dangers of cyber risk, with reports of breaches and attacks surfacing with alarming regularity. Overwhelmingly, these writings tend to focus on the negative impacts of cyber risk: the data stolen, the value lost, the damage done. And this is understandable. From a media perspective, bad news makes good press. It’s a lot easier to build a story around nefarious state actors and criminals out to steal our secrets than it is to raise the possibility that maybe, just maybe, cyber risk is something we not only must but should accept.
Why “should”? The answer springs from the notion that risk powers performance: There is no reward without risk—and this, in a world where digital technology is vital to all aspects of business, is especially true of cyber risk.
Business leaders understand that doing what needs to be done to create enterprise value often means taking risks. Think about the range of initiatives that today’s organizations undertake to pursue innovation, accelerate performance, and enable growth. Using social tools to attract customers and to change how employees collaborate and engage. Outsourcing non-core activities to an array of often-distant suppliers and vendors. Applying exponential technologies like cloud and the Internet of Things to transform the business. All of these actions rely on communication and data management through digital technology. In fact, there’s no escaping the reality that virtually everything an organization does, in this day and age, relies on digital technology—and thus is accompanied by at least some degree of cyber risk.
View the Dbriefs webcast
Explore the Cyber Risk Management collection
Read Deloitte Review
Naturally, taking on greater cyber risk through ventures like these shouldn’t mean leaving yourself more vulnerable to cyber risk. As with all risk, cyber risk must be managed with an eye to the organization’s risk appetite. But when managed from the perspective that risk powers performance, cyber risk begins to take on a different flavor. Far from always being undesirable, it emerges as a thing to be consciously taken, an inevitable concomitant of growth. Leadership’s task is to enter into situations that entail cyber risk with their eyes wide open so that, understanding the risk, they can take steps to address it.
I encourage you to view the exploration of cyber risk in this issue through a different lens. Instead of thinking of cyber risk solely in terms of the number of attacks or the value that could be lost, consider thinking of it in terms of how many more customers it allows you to reach, how many more relationships it enables you to maintain, or how many more products it allows you to manufacture. Yes, managing cyber risk is about keeping your organization out of trouble. But it’s also about using sound risk management techniques to position your organization for success. The operative question: How can you leverage cyber risk to power performance?