Before the COVID-19 pandemic, organisations at the forefront of digital transformation saw the opportunity to boost productivity and reduce costs by adopting remote ways of working and digital routes to market. The pandemic has accelerated this transformation significantly, and it’s now a necessity rather than a trend. But with this increasingly digital existence comes a growing need to focus on cyber security. Not only to mitigate constantly evolving threats, but to unlock the growth that digital trust enables.
To do this, organisations must be responsive to customer demand, evolving their digital trust stance and cyber security approaches to protect them. And that means building resilience by:
A cyber-savvy mindset and cyber secure culture brings the whole organisation together to look for growth opportunities enabled by technology while building pride in the workforce that their organisation is trusted to look after customers’ data well. In this environment, knowledge of cyber and information security become second nature and are expected of everyone.
For the Board, this can include scenario planning and resilience exercises to prepare them for the decisions they’ll need to make in the event of an incident. This would give Board members, shareholders and customers confidence that they can manage the incident effectively. Leaders also need to be visible advocates of doing the right thing. Others mimic the behaviours of leaders, so failing to visibly model good cyber security practices will undermine the efforts to build a firm-wide culture.
For employees, it’s important to increase their general understanding of cyber risks and empower them to take responsibility for their own cyber hygiene. Training will be essential but other methods, such as ‘cyber nudges’ and celebrating good practices, will also be important to embed behavioural change in the long-term.
With a workforce that has a keen understanding of the business impact of digital trust and cyber security, you’ll reduce risk and drive value generation as you can make educated investment choices more easily. Cyber security companies are, of course, at the forefront of this, and even small organisations are seeing digital growth ideas from new areas of their workforce as a result of increased appreciation of technology and cyber security across the workforce.
The other, often overlooked, way to improve the cyber security of an organisation is by making it easier to comply with cyber secure processes than to circumvent them. That means redesigning processes to make them secure, intuitive, fit for purpose and seen to make the day job easier. It might also mean making the ‘wrong’ way of doing things harder.
In deconstructing and redesigning processes, there’s also an opportunity to engage people, get them to take pride in doing things the right way and encourage their innovation. We’ve seen financial services organisations involving their teams in this process, and creating a sense of ownership that helps people feel empowered to do the right thing and to police the processes themselves.
Building a cyber-savvy culture and processes that encourage security compliance lays the foundations for secure systems. Systems should, of course, be secure-by-design. This means using an understanding of the type of information an organisation holds, the threats and vulnerabilities it faces, and its risk appetite to design security into its systems and enable those security functions to evolve with risks. This design will be much more effective if the process and people elements of cybersecurity are reliably protecting information and data.
Telecoms organisations are already seeing their customers starting to demand cyber secure devices and they’re seeing this make a real impact on sales and user base as consumers vote with their feet.
Technology-enabled growth is at the heart of business today. It drives higher returns and provides the ability to invest in staff and assets. Harnessing this in an age when consumers and users expect convenient, instant access to new technology, data and communications requires an approach that builds digital trust. That means bringing together systems that are secure-by-design, processes that encourage security compliance and people with a cyber-savvy mindset. Together, these will enable organisations to safely seize the opportunities digital disruption offers.