How cyber is shaping the future.
However, industries lie across a spectrum of digital transformation with varying degrees of regulatory maturity around cyber as well as a host of geographical and other considerations. While many common themes have emerged during the pandemic, such as supply chain security and remote work accelerating the need for zero trust, there isn’t a single approach to solving the cyber challenge applicable to all industries.
Whatever direction you take, it’s vital to be aware of some increasingly important areas of interest. Many governments are ramping up regulatory efforts to counter widespread cyber threats, making cutting-edge security initiatives imperative. Where regulations aren’t driving change, the growing connectivity and personalisation of technology is also forcing ecosystems to be rearchitected on secure footings. Finally, the realisation that all industries are vulnerable has led to broader efforts to share knowledge—being adaptable and learning what works in other industries will become increasingly relevant.
What’s critical for leadership is to bring cyber in at the beginning, when you’re designing change. What data, what assets are part of the change? What technologies do you need to protect them?
Simon Owen, Global Clients and Industries Leader, Deloitte Cyber
In some industries, cyberattacks have resulted in an outsized regulatory response. In May 2021, the ransomware attack on Colonial Pipeline, the largest supplier of petrol, diesel and jet fuel on the US east coast, precipitated a new executive order and directives for energy companies to improve their cybersecurity.
Across Energy Resources and Industrials (ER&I) the urgent pressure to upgrade cyber defences exist alongside other longer-term directives such as the move to decarbonisation. With compressed timelines—2035 the recently revised goal in the US—the transformation of the energy landscape will require tremendous digitisation to achieve its goals. This includes shifting to 5G and deploying an array of connected technologies, which bring their own increased demands for cybersecurity.
In life sciences and health care a new model of direct interaction with patients is driving the need for increased cybersecurity. As health care providers seek to monitor recipients’ progress and life sciences companies focus on patient-centred services to improve health outcomes, using remote devices and apps raises concerns about data protection and privacy.
This monitoring and use of apps allow for the rapid accumulation of aggregate data enabling companies to create cloud-based data lakes to gather insights that can lead to improvements in R&D, treatments and support, patient adherence and product launches. All these technological advances have cybersecurity consequences. Ecosystems need to be designed and built so they protect, encrypt and anonymise data plus prevent leakage.
In general, global Life Sciences companies are more fearful about being hacked than they are preoccupied grappling with regulations, which are often inconsistent across territories. Establishing then maintaining trust is vital when connecting with their customers and protecting IP is paramount for business.
The ubiquity of cyber threats and the vulnerabilities that have been exposed during the pandemic has had an effect on the way knowledge is shared inside industries. While reputational damage remains a side-effect of attack, sharing information about incidents is regarded as valuable and helpful, often perceived as a redemptive step helping to repair brand reputations. Enterprises have realised that being secretive about cybersecurity doesn’t confer competitive advantage but can, in fact, compromise their entire sector.
Governments have acknowledged the importance of collective defence, helping to establish public/private partnerships for information sharing such as the Information Sharing and Analytics Centers (ISACs) in the US. Less formally, CISOs are eager to learn from each other. Although it’s more common for them to connect with peers inside their industry, cross-pollination from more mature industries like financial services and oil & gas to less mature ones such as life sciences and manufacturing is starting to occur. Also, CISOs themselves often migrate from one industry to another bringing their experience with them. We hope to see more connections and sharing across industry and internationally in the near future.
Proactively plan for a crisis. Prepare for technology disruption scenarios including cyber incidents:
Identify assets critical to your operations which could appeal as targets
Segment your critical systems and OT network
Accelerate your adoption of Zero Trust
Increase resiliency of your business: Place as much importance on response efforts as prevention and detection
Go on the offense. Modern security principles such as proactive threat hunting, machine learning and self-healing systems can help you take an offensive approach.