Posted: 14 Nov. 2021 8 min. read

How do you prepare your business for a cyber powered future?

Embedding cyber into the core of your business

Ian Howse, senior partner for Deloitte in Wales, looks at the increased cyber threat landscape post digital transformation, security strategies and why it’s important to build cyber awareness into every part of your business.

Cyber everywhere

The phrase ‘cyber everywhere’ has never been more powerful than it is in today’s world of digitisation. Cyber is rapidly moving beyond the four walls of an organisation: hybrid working is becoming more common, the cloud is in demand by most businesses and, as devices and applications evolve, they are ever more connected.

Complexity is here to stay as we head into a cyber powered future. Digital transformation now permeates every aspect of business and it is increasingly clear that it is an incredible enabler—allowing people and processes to achieve new possibilities—as well as a means to amplify and spread risk.

As your business’s digital footprint has expanded, the omnipresence of cyber has also intensified. To stay on the right path, you’ll want to mitigate the many underlying cyber risks that accompany accelerated digital transformation along with the increased vulnerability of your business to cyber attacks.

The threat landscape

Hackers will seek out the weakest link, whether that’s third parties and supply chain partners, unpatched systems, weak passwords, unprotected privileged accounts or humans who are susceptible to errors, phishing, social engineering, and insider threats. With the advent of COVID-19, cyber criminals have been even more opportunistic as vast amounts of sensitive data are being exchanged digitally, along with a heightened use of personal devices and home networks, at a time when many businesses’ workforce may be dispersed or distracted.

With cyber permeating everywhere from customer touchpoints to intelligent factories and the remote devices of employees, the days of a siloed IT department managing antivirus software and passwords are long over. It’s no longer enough to just keep the network running; broader and deeper thinking is required.

Your business’s best way to deal with the fast-changing threat landscape is an understandable, well-structured cyber-security strategy. This acts as a shield during the constant and rapid upheaval of digital transformation, protecting your business’s tangible and intangible assets, including your reputation, as there’s one thing we all know: trust can be a fragile thing in the digital sphere.

What’s your cyber security strategy?

As technology allows information to flow freely throughout your business, your people must follow suit and adopt a ‘cyber everywhere’ mindset. It’s critical to break down silos and get key teams to collaborate on cyber. This means fostering a strategy where key areas of your business – from product development, compliance, IT to marketing – sit down together to understand the data assets needed and embed the security and privacy requirements around them at the very beginning of new initiatives. Designing these from the outset with security and privacy in mind is the best way to avoid headaches later.

All businesses, large and small, need a cyber security strategy. If your business is just beginning to consider yours, then there are three things you can do to help prepare the way. My colleague, Gary McCloskey, touched on this during Wales Business Insider’s Cyber Secure online forum earlier this autumn and you can find a complete list of cyber questions to ask yourself in our online guide.

Step 1 - Identify

Firstly, ask yourself: What is really important to your business? What are the absolute essential things you need – whether it’s information, people or certain business systems – to operate?

Whichever sector you’re in or whatever size of your business, you need to be pragmatic and choose where to focus your efforts. Absolute security is an unrealistic nirvana and it’s no longer possible or even economic to protect everything all the time. As a business leader, you must make intelligent, risk-based decisions on what is really essential to your business, what to protect, and what assets are less important. And make these decisions swiftly.

Keep these cyber fundamentals in mind:

  • What are you trying to protect?
  • Where do those assets reside?
  • Who (identities) and what (devices) should be able to access those assets, and under what conditions?

You’ll also need to continually re-assess these fundamentals as the environments inside and outside your business grow or adapt.

Step 2 - Plan

Once you’ve identified your essentials, the next step is planning your response. Should an incident occur, what do you do? Who do you contact? What systems or data do you need to recover? Which of your people do you need? What will their roles be? Who do you need to inform? To get the best out of this exercise, preparation is key: plan out your incident response step by step on the assumption that the worst-case scenario will happen, and you’ll be starting from ground zero.

You should also outline in your plan which of your people should be focused on recovery, and who will be directed towards keeping the business operating.

Step 3 - Rehearse

Being prepared can make the difference between a swift and successful recovery that minimises operational and reputational damage and a prolonged period of disruption. That’s why you need to invest time and go a step further: practise your plan at least once or twice a year. By simulating an incident and testing the robustness of your plan, you may identify gaps or discover what works well and what doesn’t.

Rehearsing your incident response plan with your cyber team is just one element; you’ll also need to collaborate on the recovery plan and related communications strategy.

Embedding cyber into the core of your business

A clear takeaway from our recent research, Deloitte Global’s 2021 Future of Cyber Survey, is that cyber security should be incorporated into every aspect of the business to get the most value from digital transformation and to reduce vulnerability from cyber attacks.

The report analyses responses from nearly 600 executives around the world who have visibility into the cyber security functions of their organisations. Through the report, we hope to increase communication around embedding cyber into the core of every business, while also providing insights on how organisations can increase visibility into complex technological ecosystems and implement best practices to better prepare for an unpredictable cyber future.

Despite taking the greatest precautions, data breaches happen. 72% of the global survey respondents indicated their organisations had experienced between one and 10 cyber incidents and breaches in the last year alone. Bearing this in mind, it’s wise to consider these an eventuality and be prepared. Getting caught flatfooted will make a bad situation worse. Threats and risks can erode trust in products and services, undermining the carefully built reputation of even the most valuable company. Remember, it’s how you respond that will send clear signals about your brand.

Empowering your people

Most organisations will acknowledge that people are their greatest asset, but in the cyber sphere could your employees be your weakest link? If your employees lack sufficient awareness of the risks posed, whatever physical or technical measures you have in place become redundant, leaving much of your digital transformation’s value on the table as well as increasing your vulnerability to attack. Creating a security culture framework to bind your people together on a common goal will help eliminate risks. Through education or reaffirmation of key security principles you will empower your employees to understand what your business’s security culture is, why it is so important and the role they each have to play.

To achieve the best outcome for your business and as a forward-thinking leader, your endgame is for your cyber strategy to work in many distinct ways to ensure safety and trust remain paramount throughout your business. You’ll not only have in place cyber security defences that protect your business’s systems and infrastructure, you’ll also embed cyber in the core of your business initiatives, in your culture and into your continuously evolving technology. And as a result, you’ll empower your people to be productive, sustainable, secure and safe, and know you’ve set your business confidently on the right path for a cyber powered future.

How we can help

At Deloitte, we may be more well known for our traditional accountancy services like audit, tax and financial advice, but we are also a technology, risk advisory, and cyber consultancy, delivering solutions to businesses and public sector bodies. In today’s world, where digital transformation, cloud migration and artificial intelligence are on the agenda, we help give businesses the confidence to embrace digital strategies, harness emerging technologies and find new ways of delivering their services safely and securely in which their customers can place their trust.

With cyber expanded from IT to the entire organisation, many people now engage with it differently and, to be effective, the business and individuals must work together as a whole.

Deloitte Cyber connects cyber everywhere with a human approach that makes it work for everyone, creating a shared culture of safety and trust that moves the entire business, with cyber-created consistency and confidence, further forward.

Deloitte Cyber: Empowering your people with understanding, connection and trust for a cyber-powered future.

Key Contacts

Ian Howse

Senior Partner

Ian is the senior partner in our Cardiff office and leads our national Public Sector audit team. He has 25 years’ experience of delivering audit and assurance services. Ian leads teams delivering internal and external audit services and assurance services to a wide range of clients. His assurance skills include improving financial management and financial control, cost reduction, control improvement, governance and the management of risk.