Caspar Herzberg |
This article first appeared in the
Autumn 2017 issue of The Record.
In a connected world, disruptions are devastating. A single business in one part of the planet can be affected by geopolitical events and weather disasters thousands of miles away, and cyberattacks can come from anywhere. Rapidly spreading, highly destructive worms such as WannaCry and Petya/NotPetya remind companies that they must be vigilant to stay a step ahead of the attackers.
As sharing information becomes more prevalent and complex, organisations must work even harder to prevent exposure and respond effectively to cyber risk. However, the benefits of protection are well worth the commitment. Beyond keeping a business safe, strong resilience delivers strategic advantages and greater confidence in the pursuit of new business opportunities.
“Cyber resilience and risk management are challenges that every organisation faces in order to compete in today’s digital environment,” says Chris Moyer, chief technology officer for security at DXC Technology. “At DXC, we help clients take an integrated approach to their security and resilience – one that starts with a single, comprehensive view of risk across the organisation and is aligned to its critical business objectives.”
Organisations face a constantly growing range of enterprise risks and cyber threats. While some attacks make headline news, others are subtle enough to go undetected for considerable periods of time. Many of these incidents do immediate and lasting damage to affected businesses, their employees and clients, and their brand and reputation in the marketplace.
The unfortunate reality is that most companies cannot block every risk and cyberattack. This new norm requires them instead to focus their efforts on security, preparedness, continuity and resilience.
To become resilient, IT and business leaders must engage in ongoing dialogue about balancing risk and opportunity. Incorporating discussion about cyber risk and other threats into the overall business strategy is much more effective than simply reacting to the latest cyber scare. In fact, it normalises the topic of risk.
While it may initially be difficult for enterprises to gain a transparent view of threats, especially in organisations that have little or no experience in cybersecurity, it can be done. In part, it’s done by adopting a structured approach and by getting all organisational leaders to speak the same risk language. Another option is to move to the cloud, which delivers significant benefits, including enhanced security, increased capacity, greater flexibility and reduced capital expenses. When moving to the cloud, stakeholders must consider their organisation’s overall strategy, risk appetite, new business opportunities and current challenges.