Cybersecurity strategies neglected in wake of the boardroom’s quest for digital

A new report by Cognizant’s Center for the Future of Work, Securing the Digital Future, reveals that, in the pursuit of digital transformation, organisations have overlooked one critical factor that could put all their transformation efforts – and even share prices- into jeopardy: cybersecurity.

The research, which surveyed over 1,000 senior IT executives in 18 countries, found that only 9% of organisations have made cybersecurity a board-level priority. This is despite respondents acknowledging that digital is opening their businesses to more cybersecurity vulnerabilities than ever, with 60% of respondents saying there are more emerging cyber threats than they can currently control.

The report found that cybersecurity vulnerabilities stem from a range of sources, including not only technology itself, but also the design and execution of business processes and, employees within the organisation. Respondents believe that migrating data to the cloud (74%), social media (66%) and careless employees (64%) pose the highest risk to businesses in the next 12 months, stating that they need to be addressed now to bolster their organisation’s security.

Rather worryingly though, over 60% of respondents believe they have inadequate resources (namely access to cybersecurity talent due to staffing budget issues) to address gaps in the business’s cyber defences. As a result of this shortage, unsurprisingly, almost a third (31%) also admit they only refresh their cybersecurity strategies on an annual basis, potentially leaving glaring gaps in their cyber defences.

Combined with fast-changing threats, this talent and budget shortage has many organisations looking to technologies, particularly artificial intelligence (AI)-driven automation, to improve their cybersecurity outlook. However, while technology can close the gap, it cannot solve the security short fall alone.

Future-proofing digital operations 

The study identified four critical elements that organisations can follow to bolster their cybersecurity strategies, allowing them to future-proof digital operations:

1. LEAD: though cybersecurity should be a concern for every employee, there needs to be top-down leadership in this regard. Leaders cannot just sponsor initiatives; they need to understand the technologies and processes and how they work. Practical ways of ensuring this include placing divisional chief information security officers in business units, embedding cybersecurity as a core value in the organisation and ensuring cybersecurity is a board level issue.
2. EVOLVE: organisations need to continually evolve their cybersecurity strategies to make sure they have some ammunition in the race against cyber threats. R&D, therefore, needs to be an integral part of security divisions. This does not need to be confined to an in-house endeavour – organisations should consider hackathons and war-rooms to bring in external talent and co-create security initiatives.
3. AUTOMATE: faced with global cybersecurity talent shortages and growing cyber threats, AI-based approaches are progressively becoming readily available and should be a part of any organisation’s larger cybersecurity execution strategy. While automation will not solve security talent requirements completely, it will mitigate select shortages in the junior- to mid-level analysis roles.
4. PREPARE: prepare for the new technologies that will entirely shift the current dynamic of the cybersecurity strategy, including blockchain and – further ahead – quantum computing. Although the ability to quickly adapt to current security needs is vitally important, it is fundamental to keep an eye on the future. 

Euan Davis, European Lead for Cognizant’s Center for the Future of Work said: “While not a silver bullet, the introduction of AI tools into cybersecurity platforms will spur organisations to rethink how they approach cybersecurity and reduce the burden left by talent shortages. Cybersecurity needs to be an ongoing endeavour however, and failure to adapt processes and systems on a regular basis will leave an organisation open to further attacks.

“Leadership must take the initiative when it comes to ensuring this is embedded into the business’s DNA, or else face losing customers, reputation and revenue. Ultimately, any company that hopes to do business in the digital economy must make cyber defences a key part of their business strategy.”