Light Dark
July 18, 2018 By Sue Poremba 3 min read
Data Protection
Intelligence & Analytics
CISO

We are in the midst of a digital transformation. And yet, IT departments are struggling to develop a digital strategy that addresses data privacy and cybersecurity. In a world where the General Data Protection Regulation (GDPR) is now in effect, the lack of such a strategy could end up coming back to haunt your organization and its leadership.

The Greatest Challenge Facing Digital Strategy Leadership

According to a June 2018 Harvey Nash/KPMG CIO Survey, the greatest challenge facing security and information technology leadership is the ability to deliver dynamic data while simultaneously providing a high level of security and privacy.

Only 32 percent of organizations have a company-wide digital strategy, the same survey found, and of those, 78 percent admit that the strategy in place is moderately effective at best. These insights imply that all of the data transmitted through organizations, including the personal information of customers, isn’t getting the level of protection necessary or satisfying GDPR compliance.

Jumping Into the Digital Transformation Too Fast

Let’s face it, most companies are failing or falling behind when it comes to cybersecurity — and the ongoing digital transformation is only exacerbating the situation. The Harvey Nash/KPMG survey states IT departments are doing fine when it comes to traditional technologies, but it also recognizes the increasing complexity that digital technologies bring to organizations.

Understanding these technologies is part of the problem — not only how they work, but also how they’ll best improve the nature of the business. It might be tempting to apply the latest and greatest available technology, whether you need it or not.

IT staff are often risk-takers — they like new technology and want to use it right away. Where they run into trouble is bringing in the latest technology without a real strategy to implement it both wisely and securely. Just because IT wants to update its technology doesn’t mean the company is ready for it.

Too Much Data, Not Enough Security

Understanding how a technology’s abilities intersect (or don’t) with a business’s needs makes the difference between a successful transformation and digital nightmare. Whether the technology is a boon or bust for the company, there is one thing it is guaranteed to do: generate more data — which will require layers of security. Without an effective digital strategy, understanding and protecting that data becomes problematic.

If the data were stored in one location, it might be easier to manage. But with increasing diversity of technologies, from the Internet of Things (IoT) and cloud computing to blockchain and virtual reality (VR), databases for one company are stored in thousands of endpoints. This reality is leading to increased risk of data breaches.

“[W]ith the emergence of these transformative technologies the perimeter has become dynamic and ever-changing,” wrote Peter Galvin, chief strategy and marketing officer at Thales eSecurity. “[W]hile protecting the perimeter is still important, it simply is not enough to prevent sensitive data from being stolen.”

Getting Leadership on Board

A strong digital strategy will provide the layers of security and privacy needed in the digital transformation, but this requires cooperation from all levels of leadership. Just as IT departments have a responsibility to be more business-aware and recognize how new technologies fit (or don’t fit) into corporate strategies, boards of directors must be more realistic about creating digital strategies that will meet today’s and tomorrow’s privacy concerns.

In the past, the fallout from data breaches and other security incidents fell directly on C-suite employees: Chief executive officers (CEOs), chief information officers (CIOs) and chief information security officers (CISOs) have been held accountable by directors. However, the responsibility often falls on the board to approve budgets, support cybersecurity funding and efforts and create corporate strategies.

Thanks to GDPR — and rising security and privacy threats — boards may finally be getting the message. The Harvey Nash/KPMG survey found that boardrooms are increasingly prioritizing security. In fact, security has received the most significant increase in business priority over the past year.

And according to Board Effect, more boards are expanding to bring cybersecurity experts directly to the table as full members.

“Cybersecurity experts on the board have the proper expertise to advise the board about the best tools, processes and resources to keep hackers at bay,” the publication stated. “In addition, cybersecurity experts are the prime resource people for identifying new developments in IT as technology advances.”

This shift is promising for security professionals. With a digital perspective integrated directly into board decisions, IT departments should gain the leverage necessary to lobby for tools and support they need to meet the digital transformation with an adequate strategy to keep data secure.

Read the study from Ponemon Institute: Bridging the Digital Transformation Divide

 |  |  | 
Sue Poremba

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature