Although seen as a negative if essential investment, is it time to view cyber protection as a business enabler that unlocks value?
It’s the downer on the boardroom agenda, the dark force that shapeshifts whenever there’s a hint of a solution, the unwelcome drain on tight budgets… cyber crime.
Or more likely, the threat of it.
Ringfencing a business against threats from that unwelcome trio of chancers, professional hackers and state actors is a significant demand on resource. Having opened up a new era of economic crime and proxy warfare, cyber crime has drawn an increasing number of process sectors within the umbrella of critical industries whose safeguarding protocols have become more demanding and complex.
It also serves as a brake on progress by encouraging an understandable timidity when it comes to endorsing the benefits of IoT connectivity.
As McKinsey’s report ‘Cybersecurity for the IoT: How trust can unlock value’ pinpoints, until the Internet of Things overcomes its fragmented present, it cannot reach its full potential: “The risk profiles of many IoT systems are elevated compared with that of enterprise IT, given the IoT’s control over physical operations.
“A seamless IoT experience, therefore, requires a foundation in digital trust, functional convergence of the IoT and cybersecurity, and an early-stage integration of cybersecurity in the architecture design and pilot phase.”
A significant problem, suggests the report, is that IoT solution providers massively underestimate the importance of digital trust with the people that ought to matter most to them: the customers.
Just 30% of providers surveyed thought it critical. But ask buyers the same question and the percentage doubles, revealed McKinsey. And when you’re selling a solution to a critical industry process plant, the customer’s perception is the one that’s going to seal the deal or send a seller to the exit door.
Yet, while process and other industry leaders may place a high premium on cybersecurity, that doesn’t mean they view it in positive terms, implies Joseph Carson, chief security scientist and advisory CISO at Delinea. Frequently companies have regarded cybersecurity as an obstacle, “a mandatory inconvenience that decelerates processes and stifles creativity” or a necessary expense.
“Most companies have historically relied on a risk-based approach to justify their cybersecurity spending. The size of the investment in cybersecurity would be proportional to the perceived level of risk,” he says.
“For instance, a company handling sensitive customer data may invest more heavily in cybersecurity than a company whose operations do not involve storing or processing sensitive data.”
Sector compliance and the need to adhere to regulatory rules is another factor influencing purchases, points out Carson; once again, a case of investment in reaction to an external prompt.
And cyber expenditure comes with a long tail of financial implications. Stricter security tends to produce restrictions and controls that slow processes and productivity, acknowledges Carson. Meanwhile, the pressure on companies to embrace Industry 4.0 inevitably involves balancing IoT acquisition against the potential for increasing cyber risk.
Plenty of IoT providers of course do pay attention to the cybersecurity issue but their focus, points out McKinsey’s report, tends to stop with their own product: “Systems feature IoT devices with embedded cybersecurity but don’t contain holistic cybersecurity functionality to protect the entire IoT value chain. Each IoT provider only has control over the protection of its systems and doesn’t play a role in the integration of its system with those from other providers.”
All of which, points out Delinea’s Carson, adds up to a very negative perspective on cybersecurity. Time instead, he suggests, to realise it has a significant role to play as an active business enabler and that “effective cybersecurity measures can facilitate business expansion and creativity instead of impeding it”.
In particular, he cites enabling digital transformations, adoption of new business models, boosting investor confidence by lowering risk and building brand trust among customers confiding their data.
And how do we implement these? Align cybersecurity strategies and business goals clearly, leverage security as a USP, prioritise compliance and integrate security metrics within business KPIs. “Businesses must view cybersecurity as an opportunity to innovate and grow their business rather than just a means to minimise risk,” concludes Carson.
“Organisations should seek ways to leverage security efforts into competitive advantages, such as offering secure products or services that customers cannot find elsewhere.
“By doing so, they'll be able to showcase their commitment to security while also helping to distinguish themselves in their industry.”