Up until recently, technology has been seen as an enabler of business.
A way to make organisations more productive, more efficient or easier to buy from, for example. But increasingly organisations are designed for “digital business success”, putting technology at their core.
In a world where everybody in the enterprise works and thinks digitally, research from MIT[1] has found that IT units are more important than ever to building the success of the company. They talk about digital savvy leadership in terms of a strategic CIO, digital discipline, customer engagement and operational efficiencies.
But there is one area for me that should be above all of these, and that’s security.
With technology at the core of an organisation, security becomes paramount to protect what matters most. Yet a business falls victim to ransomware every 14 seconds[2], down from 40 seconds less than three years ago.
I talk to customers about the importance of security a lot, and there are a few common discussions.
The first is the importance of people. Not just from a training and cultural point of view, making sure that your entire organisation understands the value of security, but also from a skills and attitude point of view. It’s an area where we all face a scarcity of skills and resource, which is why almost the half the graduates we’ve hired this year will be focused on security, because we’re hiring for tomorrow.
But your senior leaders are important too. A CISO who is focused on growth and being a ‘guide dog’, not a ‘guard dog’, is more likely to create an environment of ‘how’ instead of ‘no’. That will help organisations achieve their business outcomes, but in a secure way.
Another area in the importance of reinvesting savings. In an era when we’re all constantly seeking operational efficiencies, we need reinvest those savings into what matters – security. That doesn’t just mean buying more technical solutions, it means seeing it as an opportunity and investing in it.
And thirdly, I talk about risk registers. Not the sexiest of topics. But when it can take businesses six months to spot a data breach[3], security is a rapidly changing landscape that needs to be on your risk register. By having it there, you and your board can make strategic decisions, you can put in place plan to mitigate the risks and it forces the entire board to be aware of the risks – and consider the opportunities.
Security can help your organisation grow whilst protecting the very core of your organisation.
[1] Companies with a digitally savvy IT unit perform better, Woerner and Weill, MIT Sloan Center for Information Systems Research, March 2019
[2] https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-exceed-8-billion-in-2018
[3] https://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/