Embracing emerging technologies has been saved
Embracing emerging technologies
A Deloitte perspective by Dana Spataru
How to turn security into a business enabler? How to manage security risks and capitalise on the opportunities that emerging technologies are offering? And what could be the role of the CISO? In this blog, Deloitte expert and partner Dana Spataru shares her take on the current and future cyber security landscape, based on our 2021 report “Cyber security in the Netherlands: a responsibility we share”.
Go directly to
- How to turn security into a business enabler
- The benefits of emerging technologies
- Boardroom topic
- Siloed security?
- Sharing experiences and connecting the dots
How to turn security into a business enabler
Security can be a business enabler and active driver of future growth. However, for this to happen, CISOs must take emerging technologies into consideration. “Emerging technologies” is a label applied to relatively new technologies such as connected products, cloud, 5G, and brownfield areas such as operational technology. Traditionally, emerging technologies have not been part of security strategies, but they are now increasingly converging with IT. However, instead of reaping the benefits of emerging technologies, some CISOs still struggle with them and view them as complicating factors. 10% of CISOs in our research indicated that emerging technologies give them headaches.
The benefits of emerging technologies
The term “emerging” might be confusing in this context, as these technologies are not really emerging but are already here. Clients today use emerging technologies to improve operational efficiency, increase health and safety, boost automation and reduce costs. And those are only some of the benefits. Telecom organisations are developing new 5G-based products and services, and manufacturers have developed many connected products or have enriched their existing machines with connectivity.
If CISOs turn their focus on securing these new aspects of business, they can act as business enablers and strengthen the position of their companies vis-a-vis competitors. If CISOs address privacy and security risks more proactively, they can give their organisation’s business side more confidence to venture into these novel areas. This discussion should start in the boardroom. However, our research shows that this happens only once per quarter in only 42% of organisations. This means that CISOs at the other 58% have work to do and that this topic should be on the agenda at least monthly. If CISOs don’t move quickly, they will be cut out of the digital decision-making of other departments, which would be a missed opportunity.
Organisations can look at security and design their future growth paths in an integrated way. What we often see is that manufacturing departments who use new technologies are already making decisions about their own security, and that digital departments run their products with their own established security processes. While it’s positive to see that security measures are being embedded, if security is siloed, it’s hard to learn from the experiences of other business units. These organisations are likely duplicating costs and efforts. More collaboration and clear governance are required between IT security, manufacturing security and product security to manage security risks and capitalise on opportunities.
Sharing experiences and connecting the dots
CISOs should share their experiences and connect the dots in a security strategy that covers the entire organisation. A good example is using security as a driver for increased operational efficiency and cost reductions, which in turn covers the cost of security. We recently implemented an integrated security operations centre at a large pharmaceutical company. This centre helps to increase automation and operational efficiency while decreasing health and safety risks in the manufacturing environment. It also creates products with embedded security and privacy, while simultaneously covering the costs of security. This helps the CISO to get buy-in from—in this specific case—manufacturing teams.
A more business-integrated role
There’s much we can learn from the most successful digital organisations — not just the tech giants but also the upcoming technology companies offering only digital products and services. They have built-in security in the core of their products, because they know that if they don’t, they won’t sell them. Also, they have coupled security KPIs to business KPIs because these are inextricably linked. Our research shows that the role of the CISO is developing in the right direction: from a purely technical to a more business-integrated role. In the coming years, I hope this development accelerates, and that CISOs get and take the position they deserve.
About the Dutch cyber security survey report
Recently, Deloitte Netherlands launched “Cyber security in the Netherlands: a responsibility we share”, a report based on a survey with 544 respondents (CxO executives, including CEOs, CISOs, CSOs, CTOs, CIOs, 70%), and IT professionals (30%). The report dives into several questions, such as: where are Dutch organisations currently when it comes to cyber security? What do CISOs worry about? How do they envision the future? How do they feel about making the Dutch digital ecosystem more secure? Part of the survey is dedicated to the perspectives of Deloitte’s experts, including the writer of this blog: Dana Spataru.
About Dana Spataru
Dana Spataru is a partner at Deloitte Cyber Risk Services and Lead Global Emerging Technologies security team. Her focus on emerging technologies brings new perspectives to digital transformations, where secure products and processes create new value streams and enable future growth.