You only need to look at the increasing number of publicly quoted cyber security breaches to realise that an insecure system is bad for business.
An inability to keep both customer and organisational data confidential can have serious consequences.
However, without a cyber attack occurring or anything going wrong, cyber security can be seen as an unnecessary expense, a burdensome cost on the enterprise, leaving many to question whether the amount spent on security was investment best placed.
Fear is far too often employed in order to drive uptake, either through crises that have happened in the past, or hypothetical events that could occur in the future.
This discussion will always lead executives to see cyber security investment as a necessary but unwanted cost. But cyber security is critical, not just from a defensive point of view, but also as a business driver, allowing organisations to confidently open up doors to conduct business in a global, digital environment.
The case for cyber security must be reconsidered from one of protection to one of enablement.
Cyber security should not simply be judged by the potential cost of a breach, but rather by the contribution it makes towards meeting corporate goals.
The cyber security industry needs to shift the discussion to emphasise the growth opportunities that cyber security can facilitate.
A tough economy, increases in regulation, advances in technology and expanding global markets all present opportunities to secure competitive advantage.
Whether it means looking to create supply chain agility, secure the best talent, work with new suppliers or to digitise business processes – whatever the focus may be, to achieve these aspirations you need to unpick what they really mean in practice.
For example, what specifically does an organisation need to do in order to attract the very best talent?
Answers to this may range from creating a vibrant working environment, enabling the latest technology through to improving the communications infrastructure.
Very quickly initiatives such as ‘bring your own device’, as well as opening up the corporate network to personal smartphones and tablets, become part of this debate.
Having the right security infrastructure in place beforehand will enable you to implement such activities quickly and reliably, without having to assess the security risks and develop a solution from scratch, each time you make a process decision.
The supply chain is another area where a reconsidered approach to cyber security highlights a clear business case for investment. In today’s enterprise, agile and efficient supply-chains can be a key competitive differentiator; just look to Amazon for an example of this.
Supporting a world-beating supply chain necessitates increasingly digital processes, which open an organisation up to further data sharing and potential for a breach.
Whether sharing plans for new product designs or working closer with retailers, a secure environment is a must have.
Again, without the right security infrastructure in place, an organisation’s ability to adapt at speed is severely hindered as business units wait for cyber security to catch up.
In the interim, a competitor might be able to ensure products reach customers more quickly or that they can operate far more cost effectively – putting you at a comparative disadvantage.
Thinking in this way changes the cyber security business discussion from one focused on the cost of cyber security and the ‘what if’ scenario, to one that examines how security can align to the needs of the business and make a real contribution to securing competitive advantage.
The earlier that security is considered in company strategy, the more naturally it fits, becoming less of an encumbrance or barrier.
Ultimately, approaches to cyber security should stem from the way your company wants to do business.
If you want your organisation to be considered as a top employer, one that customers love, that suppliers want to be working with and which takes advantage of the latest technologies – cyber security should be part of that vision.
Far too often cyber security is seen as a governing set of rules and constraints that tie the business down.
Cyber security enables an organisation to conduct business in a digital age with confidence, openly and globally. It drives competitive advantage, efficiency and growth and should underpin every corporate strategy.
Sourced from Andrew Rogoyski, UK VP and head of cyber security services, CGI