Expert insight: De-risking digital transformation
By Ilijana Vavan, Managing Director for Europe at Kaspersky Lab
From small businesses to global conglomerates, digital transformation is taking place across all sectors and sizes of organisations.
It is one of the key decisions that business decision makers find themselves faced with. Studies have found that 96% of companies consider it important or critical to their development, whilst MIT Centre for Business discovered that digital transformation can have an enormously positive effect, with 26% of businesses investing in innovation being more profitable than their average industry competitors.
But in a bid to embrace and elevate IT systems and services, security considerations are at risk of being downgraded.
For example, despite a huge media and regulatory focus on the security of personal information and company-held data, the security of data travelling across and stored in the cloud can be an afterthought. But with digital transformation projects often relying on the use of cloud-enabled infrastructure and services, the risks of not securing data often outweigh the rewards.
In fact, cloud-related IT security incidents are not uncommon and are among the costliest for businesses to recover from. Research shows that incidents affecting IT infrastructure hosted by a third party cost £1.2mn for enterprises and £90,000 for SMBs. Instead of benefitting companies, digital transformation strategies could in fact be leaving them exposed and vulnerable. According to Forrester, one-in-three (31%) IT decision-makers are already worried about the security aspects of digital transformation.
A data breach or IT security incident could impact transformation strategies and, in turn, business innovation and growth. To ensure a secure and successful approach, businesses need to put cybersecurity front of mind when looking at the areas of planning, processes and people.
Planning
Although digital transformation strategies vary according to business plans, Aberdeen Group has identified the three key digitalisation technologies that have the greatest potential to impact operations: IoT, due to its ability to provide operational intelligence; the cloud, for its scalability; and big data analytics, which can transform data into predictive and actionable insights.
Digital transformation often involves the need to operate with growing IT infrastructure. Cloud environments provide the necessary scalability and embracing IoT involves connecting new devices across production lines, factory floors or workspaces every day, then analysing the data they produce.
But businesses can lack visibility and accountability of their data when taking this approach. This puts information at risk of compromise or even encryption, from threats such as the Zepto ransomware, which spreads via cloud storage apps. Planning to avoid these issues is key to digital transformation security.
Processes
Embracing digital transformation strategies involves facilitating the movement and sharing of data, meaning that cybersecurity needs to be built into any data processes from the start, if data is to be secured.
Nine-in-ten businesses are now using cloud computing in some shape or form, to improve cost efficiencies and grow their infrastructure according to demand. While this means that businesses are becoming more agile, it is also impacting the transparency of data exposure. Data ‘on the go’ (including data that’s held and processed in cloud environments or in third-party IT infrastructure), is presenting businesses with new security issues, and, as a result, new costs.
According to our research, the most expensive cybersecurity incidents over the past year have been related to cloud environments and data protection. For SMBs, two-in-three of the most expensive cybersecurity incidents are related to the cloud.
Processing data ‘on the go’ is an inevitable part of digital transformation. However, the high costs of associated security incidents could pose a threat to future digital transformation strategies. The key is to build security into data processing at every step; whether that’s through service level agreements (SLAs) with third-party providers, or by selecting cloud services with suitable encryption and data recovery mechanisms.
People
With cybersecurity incidents being far-reaching and costly, the boardroom is increasingly taking part in the cybersecurity-provisioning debate, as part of a wider discussion about digital transformation.
Our research suggests that C-level executives now feel they have a personal and professional stake in the changes being made. Enterprises are now spending almost a third of their IT budget (£6.8m) on cybersecurity, demonstrating the importance top management is now willing to attribute to security.
In addition, IT security budgets are expected to rise over the next three years across all segments - very small businesses and enterprises alike predict they will spend up to 15% more on cybersecurity in this time, while SMBs predict a similar 14% increase.
CEOs are recognised as the driving force behind digital transformation change. They are ramping up their playbooks, changing their mindsets, and recruiting for roles such as Chief Digital Officer, with the authority and budget to make things happen.
What’s abundantly clear is that the best chance of digital transformation success is when data processes are secure and vulnerabilities protected against. But for that, companies need a reliable partner that can provide the best technical solutions that are also flexible enough to adapt according to each and every business need.