Companies are racing into the digital future—adopting technology-enabled operating and business models that drive growth. This future business relies on constant, intimate digital connections with suppliers, partners, and customers to stay competitive. It uses advanced technologies, such as artificial intelligence, and big data in all facets of business operations. And it runs on autonomous machines and processes to raise productivity and decrease cost.
We are strategically combining digital technologies and real-time data to create a new layer of “connected, autonomous intelligence” in the future enterprise. But everything digital is inherently at risk. All that sensitive data, connectivity, and automation multiplies entry points for hackers by expanding the “surface area” exposed to cyber-attack. And, because digital systems are so embedded in daily operations, the potential damage from even a single security incident is magnified.
In our latest Accenture survey of over 1,400 C-suite executives, we see that companies are clearly aware of the increased cyber-risk inherent in everything digital (read “Securing the Future Enterprise Today: Build Pervasive Cyber Resilience Now”). For example:
Protecting larger amounts and new kinds of data is a major concern for executives—72 percent are anxious about securing customer data like online behavior, transaction histories, demographics.
Three-quarters are concerned that Internet of Things and cloud computing create a greater risk exposure from the always-on connections everywhere.
Over 60 percent of respondents cited the risk of robots being hacked as a concern—this is one area of vulnerability that endangers not only monetary and reputational loss but also potential loss of life and physical disruptions.
One would think that awareness of growing risks translates into cybersecurity action. Evidently, it does not! We found a consistent pattern of gaps between awareness of increased risks and their inclusion in current cybersecurity strategies (see Figure 1). For example, 74 percent of executives said cloud services will raise cyber risk, but only 44 percent say that cloud technology is protected by their cybersecurity strategy.
Figure 1: Gap between increased risk and cybersecurity protection
Why is that? For a start, companies are not governed, organized, and managed to deal with the ubiquitous risks of the connected, intelligent, autonomous business. Cybersecurity needs to evolve and become as ubiquitous as the technology in need of protection. Every business unit—indeed, every employee—has a role to play.
We identify five ways to start building pervasive cyber resilience:
Make your business leaders Resilience Leaders—by including security in strategy sessions and extending accountability and expertise to the front-line business.
Support the security leader as a trusted business enabler—by upgrading talent, adding new roles for security in business units, potentially creating a high-level role (such as a “Chief Digital Trust, Security, and Resilience Officer”) to act as a bridge between the security office and business units.
Make employees part of the solution—by ensuring all employees are trained in the basics, engaging them to act as advocates for cybersecurity, and using technology to track suspicious employee behavior. To enact such an effective insider threat program, the CEO must rally human resources, learning and development, legal and IT teams to work closely with the security office and business units.
Be an advocate for customer protection—by prioritizing security in the design and development processes and educating customers about how to protect themselves; going beyond the call of new regulation on data privacy and protection (such as EU General Data Protection Regulation).
Think beyond your enterprise to your ecosystem—by collaborating with partners, suppliers and other third parties in the industry, and beyond, to share cybersecurity knowledge, products, and services.
The future is arriving before companies had the chance to prepare cybersecurity strategies and capabilities for the connected, intelligent, autonomous business. Top leaders must prioritize the organizational and structural changes required to infuse a “security-first mindset” into every business plan, process and person. If they do this today, the future business can grow with confidence.