Overview
In today’s fast-changing digitally-led economy, most businesses are currently going through some form of digital transformation, either to improve their offering or to streamline their operations, with many already seeing the benefits of financial investments made. The Catch-22 is that with this increased use of technology and collection of personal data, the need for protection increases. But not all businesses are actively protecting themselves against cybercrime.
“A hacker attack happens every 39 seconds”
- Clark School study at the University of Maryland
Key findings
The main purposes of the technologies invested in are:
MULTIPLE CHOICE ANSWER | RESPONSES |
To integrate, activate and utilise data across functions to enhance business | 67% |
To update obsolete systems | 51% |
To reinvent and evolve business processes | 51% |
To secure sensitive data at risk of breach | 34% |
Attitudes:
- 78% of businesses agree that digital transformation is the only way to thrive in the current and future economy
- 64% of businesses agree that it is inevitable that digital technologies will replace lower skilled jobs
- 12% of businesses strongly agree and 38% agree that the more technology you implement the more at risk you are of a cyberattack if adequate controls are not implemented
- 21% of leading European businesses do not have a cybersecurity strategy in place despite having invested in digital technologies
Insights from RSM
It is no surprise to see that the majority of companies are embracing digital technology and recognising its importance and future role. Any business looking for growth, longevity and a competitive edge is now using digital technologies, in multiple business areas to drive efficiency revenue and sales.
But the key to success is having a strategic approach. Risk management, security and good project management of any investment in digital transformation must be properly considered if the benefits are to be realised.
Effective digital transformation isn’t just about changing your systems; businesses must change their culture and their working habits. They must understand that these new processes bring different ways of working, new training requirements, and crucially, new risks. And it is here we see a major problem emerging.
When it came to reasons for adopting new technologies, the lowest driver is ‘to secure sensitive data at risk of breach’ and it is the first indication of an issue. This suggests that the need for more security tools and skilled resources to protect against the risk of a breach (as more firms become digitised) is not being recognised.
Further, there are two alarming findings that underpin this. Only 12% of businesses strongly agree that the more digital technology you implement the more at risk you are of a cyberattack, while 21% of European businesses do not have a cyber security strategy in place despite having invested in digital technologies. This means one in five European businesses have no coordinated way of tackling cybercrime.
It seems that many European businesses haven’t yet made the link that the more digital you become, the more connections and access points you have, making you more vulnerable to cybercrime and therefore more likely to have a breach.
It is clear: if you adopt digital technologies, you need a cyber security strategy. Security and operational resilience must be a key factor in the strategy for businesses as they move forward in this digital transformation.
It is clear: if you adopt digital technologies, you need a cyber security strategy. Security and operational resilience must be a key factor in the strategy for businesses as they move forward in this digital transformation.
Quite simply, robust cybersecurity strategies make firms more resilient. A strategy is your starting point: it gives you an overarching framework that sets out goals, determines what you are looking to invest in, assesses risk appetite, spots weaknesses and threats, identifies areas in the businesses that are reliant on third-parties — a huge risk area for cybersecurity — and details how you would recognise and contain a breach.
If a business hasn’t gone through that process then not only is the risk of a cyberattack much greater, the degree of damage a potential breach could have becomes immeasurable.