Cyber strategy: why the best defence is a good offence

null

There’s no doubt that cyber security is increasingly important for business leaders, and is rapidly climbing up the board agenda. Yet data from Vodafone’s latest research, the Cyber Security Barometer, suggests that business leaders often still have a traditional defence-first mind-set when it comes to tackling cyber threats effectively. Perhaps as a consequence of this, it’s clear many have yet to realise the wider benefits of cyber security. 

No leader likes missing out on a competitive advantage, but current attitudes toward cyber security mean that many organisations may not even realise that they are doing so. We found a clear link between organisational Cyber Readiness – their approach to the challenges and opportunities of cyber security – and broader positive business outcomes.  Being Cyber Ready is about changing your posture, understanding that a sound security posture and attacking mindset won’t just secure your business, it can drive performance.

Cyber Ready businesses exhibited a higher degree of stakeholder trust (amongst customers, employees and regulators) of 4.3 out of 5 and 47% reported annual revenue increased by more the 5% in the last year. Adopting this proactive security mind-set means thinking of security as an opportunity and a value investment rather than just a cost. By investing in resilience and readiness, leaders of less Cyber Ready businesses can start to reap wider financial and reputational benefits. 

Defining the problem

Business leaders are struggling against a range of challenges and, in a time of uncertainty and change, it’s understandable that many have been forced to adopt a reactive rather than proactive security stance. However, this attitude has meant that only 24% of organisations are truly Cyber Ready. Business leaders are taking advantage of the agility, cost savings and productivity benefits of new technologies to succeed in a competitive marketplace: 83% of organisations are using multiple cloud technologies, 48% are deploying IoT devices and 43% allow BYOD. Yet each new aspect of workplace technology necessarily brings additional cyber security challenges and pressures.

To overcome these security challenges, many business leaders have wisely established employee cyber-security training programmes to raise awareness amongst staff, with 77% of organisations conducting training. However, the real picture may not be quite as positive. Worryingly, only 47% of employees reported that official policy is followed by all staff and 39% think that IT security is just a “box ticking” exercise. 

When we examined the processes businesses had put in place to prepare for cyber threats, it again underlined the fact that many businesses can only be reactive when it comes security: 21% didn’t have any financial contingency in place and 20% didn’t have the ability to identify complex security issues and were unable to proactively identify vulnerabilities. In addition to an increased likelihood of attack, a reactive attitude means many organisations will miss the associated business benefits of a proactive security stance.

What’s the solution?

The majority of business leaders need to make a concerted effort to change their mind-set when it comes to cyber security, framing it as a value investment, not a just a cost. Top performing companies have security embedded throughout their organisations, and report a wide range of benefits: 68% of the businesses scoring Advanced readiness (the top 5% of the Cyber Ready Index) described themselves as “more focused on innovation” than their competitors; 65% considered themselves better able to be customer centric than rivals and 59% thought that they were building a digital advantage. 

This is the crucial reason why, when it comes to security, the best defence is a strong offence. The evidence shows that businesses that take a proactive stance on cyber threats, investing in resilience and readiness, start to reap wider financial and reputational benefits. These processes can form a valuable feedback loop allowing businesses to profit from their security status, reinvesting and further shoring up their cyber footprint.

How then, can leaders access these benefits? Cyber Ready organisations were able to confidently answer the following questions, which can act as a quick reference guide for leaders looking to improve the security posture of their businesses: 

  1. Do you understand and have clear visibility of your digital footprint and where your data goes?
  2. Have you invested in cyber security to adequately protect your data, devices and places?
  3. How quickly can you recover and resume normal operations after a security incident – do you have effective processes in place to communicate with regulators and customers?
  4. Do you have a clear cyber strategy that everyone has bought into – including the board?
  5. Have you put in place training and effectively communicated security policies to help educate your staff?
  6. Do you have the right cyber skills and knowledge in place to keep your business running, and support growth and transformation initiatives?

It’s no longer enough to build up perimeter defences. Instead, leaders need to be more dynamic, putting their organisation on a ready footing. Resilience and recovery should be seamless, incidents quickly learned from and acted upon. Only then will they be able to take their next step in confidence, whether that is launching innovative new products, services or business models.

Leaders that can shift their mind-set from reactive to proactive will ensure their organisation is as secure as possible and can also be confident cyber security will help them to realise a competitive advantage. 

Maureen Kaplan, Cybersecurity Lead at Vodafone Group Enterprise