Reading time: 3 minutes
There’s a new way of thinking about cybersecurity. New security approaches are moving from thinking about cybersecurity as a defensive approach, to thinking about it as a source of competitive advantage. With Boards looking at how to protect, optimise and grow their businesses by sustaining IP, assets and brand, here are four ways to position your cybersecurity strategies for a distinct advantage.
Have a quantifiable risk
Just thinking about cybersecurity defensively makes it hard to understand the value of security investments. By putting a value on data risks, you can start to think about cybersecurity in terms of ROI.
The Board want to know what an appropriate response is in the context of the business.
Today, the effects of suffering a data breach can include a 6% drop in share price or losing 100,000 customers, as we’ve seen with recent company cyber-attacks. It can mean spending too much, on too many tools, or not making a move in the market.
By measuring business risks, and outlining security investments in terms of revenue, share price, brand and valuation opportunity, and not just as a cost, you can start to have a better grip on the extent of your cybersecurity advantage and ROI.
Make it a team sport that everyone is a part of
The number one cause of large security breaches remains phishing, according to our 2017-18 Global Information Security Survey of over 1,200 companies. On mobile devices, phishing attacks have increased 85% year on year for the last seven years, so you are still more likely to be made vulnerable by a member of staff opening a rogue email than anything else.
This is often the result of a lack of cybersecurity awareness – whether about generic malware, scams related to fake LinkedIn profiles, or hacks on public Wi-Fi.
Therefore, developing a culture where staff at all levels understand how to protect data and systems, including mobile devices, through up-to-date training, drills and regular communication, will help build and maintain a cybersecurity advantage.
Cyber policies are vital as a living, breathing reference to help manage a fraught and fast-moving situation, yet these aren’t effective if staff outside of the cyber function don’t know about them.
Embedding a cyber conscious culture that heightens awareness and behaviours amongst all employees can help you pull ahead of the competition, instead of scoring an own goal.
Keep to a small window for damage control
The UK’s national cyber security centre recently described a need to act collaboratively and collectively against cyber threats, urging organisations to raise the bar.
Cyber threats don’t respect borders, jurisdictions or organisational boundaries, and there is a small window in which to minimise the damage.
Under GDPR, the new mandatory 72-hour breach reporting could be too long a timeline in the court of public opinion, and focusing on the first 2 to 5 hours instead could provide a much needed advantage.
Outlining key stages of your breach response in the first few hours across functions from IT, security, PR to legal, and identifying at which points to get an external view, could make the difference between a forgiving public or not when you have to appear on Newsnight.
As we start to see more threats and regulations emerge across the world, how businesses come together, under extreme time pressures, will provide much needed collaborative and competitive gains.
Use different approaches for evolving risks
Cyber risks aren’t constant. The nature of the risks are always changing – which means resources to fight them can’t be allocated on a set basis.
Increasingly, cybersecurity requires bringing together a wide range of capabilities to deliver business value.
Whether that be through enhancing cyber resources with new skillsets, leveraging emerging technology from hardware authentication, virtualised intrusion detection, or using AI and machine learning.
With cybersecurity increasingly becoming a competitive battleground, that’s all the more reason to start thinking about how your company can build an effective cybersecurity advantage.