We are in the midst of a digital transformation. And yet, IT departments are struggling to develop a digital strategy that addresses data privacy and cybersecurity. In a world where the General Data Protection Regulation (GDPR) is now in effect, the lack of such a strategy could end up coming back to haunt your organization and its leadership.

The Greatest Challenge Facing Digital Strategy Leadership

According to a June 2018 Harvey Nash/KPMG CIO Survey, the greatest challenge facing security and information technology leadership is the ability to deliver dynamic data while simultaneously providing a high level of security and privacy.

Only 32 percent of organizations have a company-wide digital strategy, the same survey found, and of those, 78 percent admit that the strategy in place is moderately effective at best. These insights imply that all of the data transmitted through organizations, including the personal information of customers, isn’t getting the level of protection necessary or satisfying GDPR compliance.

Jumping Into the Digital Transformation Too Fast

Let’s face it, most companies are failing or falling behind when it comes to cybersecurity — and the ongoing digital transformation is only exacerbating the situation. The Harvey Nash/KPMG survey states IT departments are doing fine when it comes to traditional technologies, but it also recognizes the increasing complexity that digital technologies bring to organizations.

Understanding these technologies is part of the problem — not only how they work, but also how they’ll best improve the nature of the business. It might be tempting to apply the latest and greatest available technology, whether you need it or not.

IT staff are often risk-takers — they like new technology and want to use it right away. Where they run into trouble is bringing in the latest technology without a real strategy to implement it both wisely and securely. Just because IT wants to update its technology doesn’t mean the company is ready for it.

Too Much Data, Not Enough Security

Understanding how a technology’s abilities intersect (or don’t) with a business’s needs makes the difference between a successful transformation and digital nightmare. Whether the technology is a boon or bust for the company, there is one thing it is guaranteed to do: generate more data — which will require layers of security. Without an effective digital strategy, understanding and protecting that data becomes problematic.

If the data were stored in one location, it might be easier to manage. But with increasing diversity of technologies, from the Internet of Things (IoT) and cloud computing to blockchain and virtual reality (VR), databases for one company are stored in thousands of endpoints. This reality is leading to increased risk of data breaches.

“[W]ith the emergence of these transformative technologies the perimeter has become dynamic and ever-changing,” wrote Peter Galvin, chief strategy and marketing officer at Thales eSecurity. “[W]hile protecting the perimeter is still important, it simply is not enough to prevent sensitive data from being stolen.”

Getting Leadership on Board

A strong digital strategy will provide the layers of security and privacy needed in the digital transformation, but this requires cooperation from all levels of leadership. Just as IT departments have a responsibility to be more business-aware and recognize how new technologies fit (or don’t fit) into corporate strategies, boards of directors must be more realistic about creating digital strategies that will meet today’s and tomorrow’s privacy concerns.

In the past, the fallout from data breaches and other security incidents fell directly on C-suite employees: Chief executive officers (CEOs), chief information officers (CIOs) and chief information security officers (CISOs) have been held accountable by directors. However, the responsibility often falls on the board to approve budgets, support cybersecurity funding and efforts and create corporate strategies.

Thanks to GDPR — and rising security and privacy threats — boards may finally be getting the message. The Harvey Nash/KPMG survey found that boardrooms are increasingly prioritizing security. In fact, security has received the most significant increase in business priority over the past year.

And according to Board Effect, more boards are expanding to bring cybersecurity experts directly to the table as full members.

“Cybersecurity experts on the board have the proper expertise to advise the board about the best tools, processes and resources to keep hackers at bay,” the publication stated. “In addition, cybersecurity experts are the prime resource people for identifying new developments in IT as technology advances.”

This shift is promising for security professionals. With a digital perspective integrated directly into board decisions, IT departments should gain the leverage necessary to lobby for tools and support they need to meet the digital transformation with an adequate strategy to keep data secure.

Read the study from Ponemon Institute: Bridging the Digital Transformation Divide

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today