Transforming companies must put cyber security front and center
Transforming companies must put cyber security front and centerBack to overview
77 percent of CEOs say that ‘innovation’ will be a core component of their business strategies over the next three years
The pace of change continues to accelerate as the fourth industrial revolution ushers in an era of machine learning, cognitive computing, artificial intelligence and a world in which virtually everything is connected through the internet of things. Amid these rapid technological advances, the associated security risks are also increasing exponentially. In October 2016, the world caught a glimpse of those risks when hackers used tens of thousands of compromised internet of things devices (e.g. cameras, routers and DVRs) to launch distributed denial of service attacks that caused widespread internet problems and disrupted access to a host of popular online services*.
We’re living in a world in which technological change is taking place at lightning speed, companies are transforming and everything is connected. The bottom line for CEOs of transforming companies is that they and their leadership teams need to act now to implement a strategic, holistic approach to cyber preparedness that will not only protect their valuable data, but also enhance the company’s agility and better position it for growth down the road.
Most companies have some perception of the risk side of the cyber equation. In other words, if we don’t do this and we have a breach, we will lose customers, it will negatively impact our brand, etc. But there’s also a positive aspect to this equation. Cyber preparedness can actually enable your company for new opportunities for revenue growth. That should be the message that more CEOs are listening to today.
Cyber preparedness enables your company to focus on new opportunities for revenue growth
Many executives and directors have anxiety around adopting new technologies to gain a competitive advantage. Every week I have conversations with board members who say they’re concerned about putting their information ‘in the cloud’ and that they think it means they can get attacked more easily. What I tell them is that number one, most cloud service providers understand security is a priority and they build their systems accordingly. And number two, I remind them that sometimes not moving to the cloud is a bigger risk than putting your information there. If all of your competitors are in the cloud, they’re able to be faster and more agile. By staying with your legacy, slow-moving IT infrastructure, you can be putting your company at a distinct competitive disadvantage. In other words, the value you can provide to your customers can be limited by your technology stack.
One of the other major blind spots for executives is viewing cyber security as an IT risk only, when it should really be viewed as a strategic part of the company’s holistic business strategy. The question shouldn’t be ‘how much of my IT budget are we spending on cyber’. The question should be ‘how much of my business change or innovation budget are we spending on cyber security?’ When you treat cyber security as an IT risk only, you risk missing opportunities and inflection points that could help fuel business growth.
When you treat cyber security as an IT risk only, you risk missing opportunities and inflection points that could help fuel business growth
No matter what industry you’re in, data is the lifeblood of modern business. A high-quality cyber preparedness program will not only focus on keeping the data safe and secure. It will also help to increase and improve the integrity of that data to make sure that you have the right and complete data upon which to base your business decisions.
Recently, an equipment manufacturer with a long track record of strong sales and premium pricing noticed that they were losing market share. Their analysis revealed that their products were having a much higher fail rate than usual. As a result, an increasing number of customers were opting to buy from other competitors. After further investigation, the company realized it had actually been the subject of a cyber attack. However, this wasn’t a typical breach in which customer or company information was stolen. Instead, the hackers had gone in and changed the parameters in the company’s quality control programs so that every component (even those with flaws and defects) would pass quality control testing. Their operational systems were telling them everything was fine. Meanwhile, they were sending sub-par products into the marketplace because a cyber attack had impacted the integrity of their data. The financial impact of this attack measured in the billions of dollars.
In another example, a major retailer suffered a cyber attack in which customer information was stolen by hackers. The breach resulted in negative headlines, a falling stock price, a tarnished brand, executive terminations and lawsuits against the board. Those were the tangible, day-to-day business impacts that could be witnessed and measured. What may not have been publicly known was the fact that because the retailer had to deal with the fallout from this massive breach, their business growth program, which had been its number one priority prior to the breach, had to be shelved for 18 months. That growth program would have been a strategic benefit that could have helped the company increase its market share and growth opportunities. And it had to be put on hold for a year and a half due to the hack. While it’s difficult to pinpoint the financial impact of that delay, it’s fair to say it would have been in the hundreds of millions of dollars.
Companies are hungry for growth
In KPMG’s 2016 Global CEO Outlook survey, cyber security was the top risk named by global CEOs this year, up from the fifth-highest ranking last year. Despite this level of awareness and concern, 72 percent of CEOs say their companies are not fully prepared for a cyber event.
Companies are hungry for growth. CEOs have told us they’re prioritizing innovation at a strategic level. Yet, organizations continue to underinvest in cyber security and this under-preparedness is one of the top barriers to innovation.
In an increasingly connected and fast-paced business environment, leadership teams must look at every major business decision through the cyber security lens. They need to ensure that they have people in all parts of the organization who understand cyber issues. And they need to talk about and plan for these issues up front, so they can understand where the business is going, plan for that change and build a more adaptive, agile cyber security strategy that aligns more closely to the business to help set the stage for security, innovation and growth.