Baking cyber resilience into one’s digital transformation program

Alexandre Minarelli, Technology Risk Associate Partner, EY Luxembourg. (Photo: Ernst & Young Services SA)

Nowadays it has become crucial for organizations to bake cyber resilience into their digital transformation programs.

Why is it crucial today for organizations to bake cyber resilience into their digital transformation programs?

Digital transformation has become imperative for most if not all businesses today to improve customers’ experiences and meet their demanding expectations in a changing world. The pandemic has triggered an acceleration in digital transformation at an unprecedented scale. Hence, embedding cyber resilience into a digital transformation program is not just a nice-to-have but a must-have that should be considered by each digital transformation program owner.

However, with this digital move, the risks associated are increasing in quantity and complexity: using new technologies, moving applications to the cloud, outsourcing services across, adopting emerging solutions, etc. As technologies evolve, so do attack vectors and the risk posed by tenacious threat actors grows in frequency and impact each day.

Therefore, offering services that are continuously available to customers requires organizations to become more reliable and resilient in this complex environment. Organizations must be prepared to withstand cyber incidents and attacks, by having the right skilled people, tools, and capacity to bounce back as quickly as they are taken down. With the growing threat posed by cybercrime, organizations will never be adequately business resilient if they ignore or underestimate the need for robust cybersecurity planning.

Integrating cybersecurity processes from the outset can strengthen digital transformation projects. But organizations are at different stages and need to work with the right experts to navigate the options available to them, no matter where they are on their journey. Choosing the right team of experts to tightly integrate cybersecurity into your digital transformation projects will enable you to:

- Address risk management through an integrated approach using a combination of consulting, technical security and managed security services – to identify and manage risks in a prioritized manner and where business-critical;

- Reduce the complexity of your security architecture and operational model;

- Develop a cyber resilience plan using language that the business will understand;

- Create greater customer satisfaction, loyalty and trust among your stakeholders;

- Add value to the digital business to build resilience-by-design into the project and embed seamless security, without negative impact on project timelines;

- Develop an integrated approach to cybersecurity to reduce your organization’s risk footprint to detect increasing cyber threats and, if necessary, react or recover quickly and efficiently from a breach;

- Implement applied threat intelligence into your security to ensure IT is resilient against the latest threats;

- Understand the cyber defense maturity of your own business and implement an architecture that will help you prioritize investments, align them with business objectives and keep ahead of regulatory and compliance pressures.

How do you assist your clients in that direction?

Adopting security by design is in the DNA of any digital transformation project that we assist our clients with. At EY, we believe that, when implementing a digital transformation, sound security is no accident. Companies that consider security from the start assess their options and make reasonable choices based on the nature of their business and the sensitivity of the information and services involved. Threats may transform over time, but the fundamentals of sound security remain constant.

As security is often considered as a blockage to products and services deployment, we focus on providing our clients with security solutions and guidance that would not only reduce the risk of potential security incidents, but also further enable business through process improvement.

We also have the chance to have among our team different profiles of expertise, such as cyber security, Information Technology, data analytics, etc., who are able to understand and provide our clients with all their security requirements based on their business environment.

What should companies who failed to bake security into their digital transformation do now?

Way too often, not enough is done to protect the company’s assets and business and lessons are learnt the hard way. The first step towards any remediation is to recognize the importance of security controls to the digital transformation program and to the business. Businesses in this situation need an in-depth understanding of their risk profile, the threat vectors of their digital transformation program and the impact a security incident can have on them and their reputation on the market.

We believe conducting this risk-based assessment would equip Management at C-suite with the necessary information in order to support security initiatives and prioritize efforts and investments in a valuable way. Their support is very important in order to have the necessary sponsorship and empowerment to implement security controls and solutions that can accompany the company in growing a resilient business.