Protecting the digital economy

Our tech-addicted society has become much more vulnerable to cyberattacks, requiring CEOs to put security at the forefront of their agenda.

decayed weathered distressed texture security weakened vulnverable
Mikhail Sedov / Getty Images

The internet has turned into the data highway that fuels the digital economy. But, more and more, people and organizations are becoming more wary of a technology that was once heralded as the new face of capitalism and global knowledge-sharing. However, a seemingly never-ending stream of data breaches and service interruptions poses severe business hazards. Cybercriminals may have to launch only one successful attack in order to unleash extremely destructive shock waves that will erode trust.

If the people in charge of big business fail to fight back against the cybercrime onslaught, it’s possible that the resulting lack of safeguards could slow the expansion of the digital economy as a whole. Unfortunately, today’s cybercriminals have an almost endless—and endlessly growing—number of potential targets.

On the flipside of digital transformation, society is becoming more vulnerable to cyber-threats, and the World Economic Forum (WEF) has acknowledged this in a mind-blowing way. In its Global Risk Report 2018, the WEF cites cyberattacks as one of the world’s top-10 threats for business—even more prevalent than terrorist attacks, natural disasters like floods or fires, or food shortages. Some studies estimate that the knock out of a single cloud provider might translate into $50 billion to $120 billion in economic damage—comparable with the financial ramifications resulting from Hurricane Katrina and Hurricane Sandy.

Damages escalating

The ever-increasing interconnectedness of the modern world and the relentless pace of digital adoption is making us more susceptible to attacks that can result in far more than isolated and temporary disruptions. They can also cause massive, system-wide shocks that have the potential to knock entire countries off their feet.

Accenture’s Securing The Digital Economy report notes that the crazy-fast growth of the IoT has swelled the number of potential entry points for attacks on corporate networks from thousands of remote devices (such as mobile phones and laptops), to several million entry points for the biggest multinational companies.

According to Accenture’s research, over the next five years, cyberattacks cause private-sector companies to sacrifice an estimated US$5.2 trillion—only slightly less than the combined economies of France, Italy and Spain—in digital value-creation opportunities. Predictably, high-tech is at the greatest risk, with more than US$753 billion at stake. For a large global firm, this equals roughly 2.8 percent in lost revenue growth between today and 2024.

CEOs need to embed security into their business strategy

The fragility of the Internet is putting the digital economy at risk, which should be compelling enough of a reason to cause CEOs to stop thinking of IT security as just another department and make it an integral part of their business strategy. In fact, eight out of ten (79%) business leaders say that the furious pace of technology adoption and innovation has outstripped the ability of current security solutions to guarantee that the digital economy can remain resilient in the short to medium term.

Although 68% of CEOs indicate that their firm’s reliance on the Internet is growing, they admit that their faith in Internet security—already scraping the bottom of the barrel at 30%—will sink even more if the security pros don’t step up big time – and fast. The greater proportion of the world’s population, almost all of it, depends on the Internet in one way or another. Yet it’s been estimated that, in the next five years, the confidence level in the ’net will drop to 25%.

The risk of domino effects

Most firms do business in a digital ecosystem that also includes suppliers, customers and technology partners. A data breach or service interruption anywhere in the value chain can trigger a domino effect that can affect entities at every link in the chain, and even cause some of them to grind to a halt. Cybercriminals know this, and increasingly use more intelligent and harder-to-detect attacks launched via a plethora of potential weak points.

Not surprisingly, a significant majority (80%) of business leaders say protecting enterprises from weaknesses in third parties is increasingly difficult, in light of the daunting complexity of the modern Internet. A further 62% observe that it’s hard to control indirect cyberattacks that are directed at their company but launched via their business partners’ networks. Interestingly, Accenture discovered that companies where 50% or more of breaches have been indirect attacks initiated through partner organizations are more likely to spearhead or join attempts to safeguard the trustworthiness of the digital economy.

More collaboration necessary

Many enterprises are learning from bitter experience that it’s impossible to tackle Internet security by themselves. Of the senior executive respondents in Accenture’s report, 90% say that that more secure transactions are in the best interest of businesses, consumers, government and other stakeholders, and another 74% say that meeting the cybersecurity challenges of the digital economy will require a concerted group effort.

This means that CEOs should take pains to hammer home the security issue every time they interact with a supplier, client and everyone else in their value chain. Ultimately, this should produce a greater awareness of Internet security among the company’s various connections.

Promoting the CISO

About 20 years ago, when computers had cemented their place in virtually every large company on earth, chief information officers (CIOs) started to show up in corporate boardrooms. In the same way, chief information security officers (CISOs) stand to tread the same evolutionary path.

As organizations venture boldly forward into the cyberspace and begin their transformation into a digital enterprise, almost every business decision made in the boardroom has an effect on their digital strategy – and carry risk in one form or another. Recruiting a CISO (or former CISO) to the board gives fellow board member an invaluable opportunity to become more cyber-savvy and better managers of technological risk. And the governance benefits would flow both ways: the CISO would also gain a deeper perspective of the company.

Consequently, the CISO could make the connections between cyber-risks and other risks and help leaders’ make better, and better-informed, strategic decisions. It should be obvious by now that their responsibilities are too critical to be pigeonholed in a single department or hidden somewhere in the organization. One American bank has already welcomed a retired CISO to its board, breaking a trail that others can, and should, follow.

At the end of the day, cybersecurity means far more than updating software with security patches. It is directly related to the ability of an organization to survive and thrive in the digital economy.

This story, "Protecting the digital economy" was originally published by CIO.