Expertise - Business Strategy

Cyber security: what everyone needs to know in a wild digital world

 (Photo : PwC Luxembourg)

(Photo : PwC Luxembourg)

A digital revolution prompted by technological advances is changing the rule of the game in the business world and beyond. Most businesses today have in fact become digital, and software turns into the backbone of operations, products and services. Cyber security is becoming a must-have capability to succeed in a digital wild world. In Luxembourg, 57% of players expect to be victim of cyber crimes in the next two years1.

The proliferation of the so-called digital economy is forcing companies to deliver their services in a secure manner so customers continue to trust the provider and the product itself. Today, customers expect, in fact, the products offered by companies to be wrapped in an intuitive, engaging digital package that also protects their sensitive data, and a highly secure digital experience has become a must-have capability.

As a response to this changing environment, companies are developing new models to fight cyber threats characterised by agility, capable of acting on analytic inputs and adaptive to evolving risks and threats. At the core of this new approach are solutions like cloud computing, data analytics and real-time monitoring, managed security services, advanced authentication and open-source software.

More and more organisations, today, understand that cyber security is no longer simply an IT task. It can create business advantages, trust and shareholder value. And combining digital business models with cyber security can enable companies to confidently create entirely new digital platforms, products and services.

The PwC Global State of Information Security 2017 confirms that 59% of respondents said digitisation of their business ecosystems has impacted their digital security spending. And technologies that organisations are integrating with their digital business models include encryption, next-generation firewalls, network segmentation or identity and access management.

The cloud rules

In concert with the increase in cyber security spending, more and more business functions are managed in the cloud today. Our survey reveals that 63% of respondents are running IT operations in the cloud with companies administrating data and workloads such as finance, operations and customer service. In this regard, cloud-centric cyber security represents a dynamic approach to risk that can help an organisation better understand its overall business ecosystem and internal and external threats. A cloud-centric approach not only helps deter intruders but it also monitors those who do get in. Moreover, the fusion of advanced technologies with cloud architectures can empower organisations to more quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs.

If robust cyber security is the question, outsourcing is the answer 

Together with could-centric approach, outsourcing is becoming a pillar for companies’ cyber security strategies. In fact, almost two-thirds (62%) of the Global State of Information Security Survey 2017 respondents say they use security service providers to operate and enhance their digital security programs. A primary driver is the global shortage of skilled cyber security specialists, while cost represents another factor. In fact, businesses may not have the resources to hire an end-to-end team of full-time professionals. So they are outsourcing a range of technology safeguards to managed security providers, including authentication, data loss prevention, identity and access management, and real-time monitoring.

Watch out, the EU is taking cyber security seriously

With the proliferation of the digital economy, also legislators around the world are paving the way for record levels of enforcement actions, class-action lawsuits and regulator scrutiny over new technologies such as geolocation tracking and big data analytics.

One of the most impactful is the EU’s General Data Protection Regulation (GDPR), which goes into effect April 2018. The GDPR will bring cascading privacy demands that will require a renewed focus on data privacy for companies that offer goods and services to EU citizens.

Compliance with GDPR will be a challenge for many. Businesses may be required to conduct comprehensive risk assessments and implement new end-to-end security enhancements. Many will need to rethink data-governance strategies, and implement processes and technologies for maintaining comprehensive data inventories.

Although the wild digital world could represent a challenge for companies, advances in technologies such as artificial intelligence, machine learning, sophisticated advanced authentication and adaptive controls, when combined on the cloud, can enhance new architectural models and powerful cyber security and privacy capabilities that will help organisations get ahead of sophisticated and mundane threats.

For more information:

1 According to the PwC Global Economic Crime Survey 2016