Why now is the best time to reimagine cybersecurity

Companies must rethink how they view cybersecurity when accelerating digital transformation or risk greater exposure to new cyber attacks.

In brief

• Organizations that accelerated digital transformation plans during the COVID-19 pandemic might have inadvertently introduced new cyber risks.
• Companies need to leverage their digital transformation agenda to reimagine and implement cybersecurity as a strategic growth driver.
• They also need to address key cybersecurity challenges by plugging talent gaps, adopting more flexible budgeting models and driving mindset shifts.

Over the last year, organizations accelerated their digital transformation plans to cope with the fast-changing business environment amid the pandemic. Yet, the stopgap technology solutions deployed during the initial stages of lockdown might have also inadvertently introduced potential vulnerabilities. Organizations might consequently find current levels of defenses inadequate for the security needs of the new normal. 

According to the EY Global Information Security Survey 2021 (GISS), about three in four (73%) Asia-Pacific businesses highlighted that they saw an increase in the number of disruptive attacks over the past year, compared with just 47% in the previous year.

As cyber threats grow, can businesses afford to downplay cyber issues, while continuing the digitalization path (and potentially create more risks), or should they leverage the transformation agenda to embed security by design across the organization?  

Clearly, the latter must be the way forward, but organizations that embark on the cyber transformation journey must be prepared to overcome key challenges in plugging talent gaps, adopt flexible funding models and embrace cybersecurity as a value driver. 

Adopt flexible funding

Despite the growing threat of cyber attacks, the cyber spend of Asia-Pacific businesses remains low — at just 0.05% of their annual revenue.¹ Chief Information Security Officers (CISOs) are struggling to scale up their functions’ efforts as they work with inflexible budgeting models, where they are either allocated a fixed portion within a larger corporate expense or cybersecurity costs are shared across the organization.

Organizations need to adopt a more flexible budgeting model, given the need for cybersecurity to respond quickly to the fast-moving cyber threat environment. Another reason is to build in agility for organizations to realign their cybersecurity strategy to their transformation initiatives.

Reimagine cybersecurity’s value

Tackling these challenges is not just the responsibility of the CISO or technology leader. It also requires the commitment and support of the board and management. The issue isn’t a lack of leadership support. According to the GISS, 39% of global organizations include cybersecurity on their quarterly board agendas, up from 29% in 2020. Further, only 20% of Asia-Pacific businesses include cybersecurity in the planning phase of any digital transformation program. 

while cybersecurity is increasingly recognized as a business priority, it is viewed as a compliance or risk concern, rather than a strategic growth driver. This perception will continue to be reinforced if cybersecurity teams focus on the escalating problems without offering solutions, leading to the shutdown of new initiatives that are too cyber-risky. Therefore, there is a possibility that cybersecurity is conveniently left out from the decision-making process in innovation initiatives, for fear that the lack of solutions may jeopardize the implementation of these innovations.