How to marry security with digital transformation: 4 best practices

Organizations that make security an integral part of digital transformation plans gain a competitive advantage, PwC research shows
369 readers like this.
CIO Security

Companies must pursue a digital agenda to remain competitive, but as a company’s digital capabilities evolve, so do the risks and management strategies it must consider. While some companies make the mistake of thinking digital transformation and cybersecurity may occasionally overlap, companies that prioritize an integration of the two unlock a significant competitive advantage over their peers.

PwC’s latest Digital Trust Insights report, which includes data from more than 3,000 business leaders across 81 territories, identifies a distinct group of enterprises leading in this important alignment.

The trailblazers, comprising the top 25 percent of enterprises, are those that evolve to meet the demands of the fourth industrial revolution (4IR) by proactively incorporating cybersecurity into their strategic business plans. The remaining 75 percent of enterprises remain stagnant by isolating their digital agenda and overall business strategy from cybersecurity teams. The trailblazers, in contrast, are successfully navigating an increasingly complex operating environment by implementing a few key business practices.

[ Read also: Digital transformation ROI: How to check a project’s payoff. ]

PwC’s Digital Trust Insights identified the business practices that help companies become trailblazers. Here are four:

1. Embed your cybersecurity team into the strategic business plan

Sixty-five percent of trailblazers have embedded their cybersecurity team into their business strategy. By including cybersecurity teams in regular business management, companies can evolve and better manage the cyber risks inherent to the digital transformation that marks 4IR.

2. Take a risk-based approach to business development

Where there is risk there is reward, but leaders pursuing a digital agenda without involving their cybersecurity teams risk exposure to a host of cyber threats that would limit growth or even harm the bottom line. Nearly 90 percent of trailblazers involve their cybersecurity teams in decision-making to help manage the risks caused by digital initiatives.

[ Read also: Why IT leaders must speak risk fluently. ] 

3. Give your cybersecurity team access to senior leadership

It’s not enough for cybersecurity teams to just be involved in business management. Trailblazers ensure cybersecurity teams and senior leadership work closely together and cooperate so that these teams can better understand the company’s risk appetite around core business practices.

4. Get good at recovery

PwC asked information technology professionals to evaluate the maturity of five discrete categories laid out by the U.S. National Institute for Standards and Technology Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover. Trailblazers reported higher maturity in their recovery functions as well as higher maturity in protection, detection, and response functions.

The goal: Stronger financial outcomes

Incorporating cybersecurity into business operations is not just about evolving to protect against cyber threats, rather it’s good business sense and leads to stronger financial outcomes. PwC’s Digital Trust Insights report found that more than half of trailblazers report that they expect profit margins and total revenue to grow by five percent or more, whereas amongst other companies, only 31 percent expect this level of growth.

Across the board, companies can bolster cybersecurity by proactively identifying business risks, assets and environments to anticipate and address the company’s needs. But, as PwC’s survey shows, the most successful companies are the ones already seeking ways to align their business and cybersecurity strategies. Cybersecurity is integral to success in the age of digital transformation and incorporating it to general business strategy translates to significant competitive advantages for enterprises.

After all, the digital and physical landscapes are blending to create a complex environment for companies to navigate. Businesses must re-evaluate their strategies to maintain a competitive advantage in the 4IR, and those strategies must include marrying cybersecurity with digital transformation.

[ Is AI part of your digital plans? Get lessons learned from your peers in the new HBR Analytic Services report, An Executive's Guide to Real-World AI. ]

T.R. is a Cybersecurity & Privacy Partner based out of Cleveland, Ohio.  T.R. has specialized in the area of operational and systems risk management, with a concentration in data privacy and cybersecurity, since joining PwC in 1996.