Cyber, cyber everywhere
Is your cyber strategy everywhere too?
Organisations are embedding connected digital technologies in their information technologies, operational technologies, and end products, making cyber a top organisational priority. Innovating fast is now contingent on a well-orchestrated cyber program.
In the 21st century, the connective power of technology is giving rise to a wave of innovative products and services that are transforming the way people live and work.
To build innovative, connected experiences, businesses need a strong cyber program. Every time a device is connected to a sensor that in turn connects to a network, a new cyber vulnerability emerges at each connection point. On a larger scale, connected technologies increasingly underpin the functioning of the nation’s power grids, factories, entertainment venues, and communication and transportation infrastructures. Indeed, cyber vulnerabilities are seemingly everywhere these days, and they’re only going to become more prevalent in the future. Yet, just because cyber is everywhere, it doesn’t mean that corporate strategies are necessarily following suit for addressing cross-enterprise risks. In Deloitte’s 2019 Future of cyber survey, which polled more than 500 C-level executives on cyber issues, more than 90 percent of respondents suggested that less than 10 percent of their cyber budgets were allocated to digital transformation efforts such as cloud migration, AI-driven products, and software-as-a-service (SaaS)—all areas where cyber vulnerabilities are becoming more prevalent.
Not just IT's problem any more
- The number of cyber stakeholders is expanding. With IT, operational technology (OT), and the end user coming into the picture, cyber has to be an important consideration for executives from across the top ranks of management. It can no longer be relegated to an organisation’s sublayers, but instead should be represented in the C-suite so that the broader business can better understand the priority and importance of creating a cyber-secure enterprise. Included in the lengthening list of cyber stakeholders are individuals such as the chief supply chain officer (CSCO), the chief innovation officer, the chief marketing officer (CMO), the chief operations officer (COO), the chief risk officer (CRO), the chief information officer, and the chief information security officer (CISO), plus procurement, facilities managers, plant managers, and even (or especially) employees on the ground. A cyber governance model that starts and ends with the CISO under the confines of IT is no longer enough.
- Standardisation doesn’t apply. On the surface, most IT security solutions are fairly standardised, database structures are uniform, and firewalls still work broadly—regardless of industry or use case. However, how a hospital deploys robotics can be very different from the way a smart factory does. Nowadays, organisations combating cybercrime need to consider IT, OT, and customer product environments—all of which have their own nuances that often lack a cross-organisational framework. Because of this, each cyber solution requires a level of bespoke customisation that makes every solution set unique.
A cyber strategy that recognises these principles can help organisations develop approaches to strengthening security that fuel—not throttle—the pace of innovation.
A stakeholder challenge: Getting people to step up
Since cyber is everywhere, cyber awareness needs to be embedded everywhere. That means that cyber must be part of everyone’s job in a very literal sense. Converging cyber environments blur the lines of responsibility among stakeholders. No longer does the onus of cyber fall squarely on the CISO; rather, it is—or should be—a cross-functional endeavour.
In practice, unfortunately, cross-functional collaboration on cyber issues rarely happens. In the aforementioned Future of cyber survey, only 30 percent of respondents indicated their organisations have integrated some form of cyber liaising into their core business functions to facilitate cyber awareness and readiness throughout the organisation. This poses a real problem for cyber awareness.
Figure 1 lists some steps that executives in various functions can consider to help achieve cyber awareness and action across the product life cycle.
The standardisation challenge: Keeping up with the march of technology
As organisations’ collective ambition has grown to push advanced technologies both across the enterprise and into consumers’ hands, their cyber environments have expanded to include IT, OT, and customer-facing products and services. And with this expansion has come an ever-increasing variety of technology infrastructures and systems across which cyber must be maintained—and more closely integrated. Yet, as organisations integrate IT, OT, and product environments, they are confronted with the reality that each environment has its own unique systems and processes that make finding a standardised solution difficult.
The convergence of the IT, OT, and consumer product environments pays dividends in terms of innovations to better serve the consumer—but also introduces intricacies that make products vulnerable throughout their life cycle. Moreover, the sheer variety of connected products, along with the proliferation of third parties that may have a hand in developing them, makes it impossible to devise a one-size-fits-all solution. These factors make it that much more important for cybersecurity to be embedded into all facets of product development.
Download the report to read about the three paths organisations can take to navigate the new frontier of cyber, and develop solutions that cultivate an innovative—and secure—environment.