The CYBERSECURITY CHALLENGE in a High Digital Density World
In this article the authors present a framework to help managers to implement a structured approach to manage cybersecurity in the context of a digital transformation process. Businesses should start with addressing cybersecurity at the highest organisational level by including cybersecurity in business strategy, using secure-by-design principles, ensuring business continuity in case of cyber threat and treating cyber risk as part of a holistic risk management approach.
I. A New Environment of High Digital Density
Alarms are sounding louder and louder: with the digital revolution come not only great opportunities and profound changes in the business models of companies of all sectors, but also great threats. One of them, perhaps even the main one, is the lack of security of emerging digital ecosystems. We constantly receive disturbing news about ransom-ware, denial of service, or data theft. However, it does not seem that companies around the world pay enough attention to them, nor are they aware of what cyberattacks mean to the smooth running of their businesses.
In fact, it was clearly summed up by Inga Beale, CEO of the insurance company Lloyd's at the World Economic Forum meeting in Davos in 2017, when she stated that there are currently two types of companies in the world in terms of cybersecurity: companies that know they have been attacked and those that have been attacked but do not know it. This leads us to the inevitable conclusion that if we think that we have not yet been the victims of a cyberattack, we inevitably are part of this second group, living in a fallacious ignorance.
The increase of Digital Density as the percentage of connected data that an organisation uses to create, deliver and capture value leads to an increased complexity of the business. The exponential growth of connections, representative of the 4th Industrial revolution, allows users an easy access to huge amounts of data, which has many benefits for businesses, such as obtaining a greater efficiency or creation of innovative services and products.
However, this digital revolution also carries its dangers. Until recently, only some computers in organisations were connected to the Internet, and the dilemma of data security was simply to protect the digital perimeters of the organisation itself. However, increasing Digital Density has forever changed the playing field: nowadays not only individual devices get connected to the Internet or to other networks, but the whole digital and physical realities are blended. This has exponentially increased the surface of attack of the organisation. Therefore, more than ever it becomes important to treat cybersecurity as the “business function of protecting an institution from the cyber-attacks”, especially considering such constraints as “other business objectives, resource limitations, and compliance requirements”.1
In this article, we propose a framework for the management of cyber security as an integral phenomenon in the context of a digital transformation process,
