For all the debates about returning to normal or the new normal, the one irrefutable reality is that a digital way of life is not the future; it is already here. Even before the COVID-19 pandemic, we were on the fast lane to the uberization and servitization of everything on Maslow’s hierarchy of needs. As a result, personalization and customer experience have been a focus area for brands. In addition, the digital medium and social media became the new canvas for brands and marketers.
The remaining physical touchpoints between businesses and customers went out of favor as the COVID-19 pandemic and shelter-at-home orders took effect. This rapid transformation to a digital-first environment, combined with an economic fallout, forced brands to reinvent business and delivery models that were digitally native and contactless. So, while consumer brands did have a head start over B2B brands, digital was now the norm for everyone.
When talking about a fully virtual, data-rich environment, issues such as cybersecurity and data breaches can’t be too far behind. A recent analysis by Infosys and Interbrand found that the world’s 100 most valued brands could risk $223 billion in brand value in the event of a data breach. For context, Jeff Bezos, the richest person in the world, has a net worth of around $180 billion (as of this writing), and Apple’s annual revenue in 2020 stood at $294 billion.
As digital or hybrid means of working and engagement become default to enable convenience, brands also open multiple points of vulnerabilities. While customer data helps brands deliver a personalized experience, it is also a major target for hackers. This dichotomy between access and security adds a layer of complexity, which is further exacerbated due to the hyperconnected nature of modern enterprises.
An environment as disrupted as it has been by digitalization requires brands to reassess the way they evaluate risks. Due to the proliferation of digital across functions, systems and processes, metrics such as lost revenue or opportunity cost to measure the impact of a cybersecurity breach no longer suffice.
For example, a data breach at a financial services company would alarm customers who may not have been the victims. Or a single episode of hacking for a medical devices company would damage customers’ trust, which may not always be feasible to measure.
Cybersecurity strategies for the digital landscape
As companies hurtle towards an ever-digitalized future, the complexities are also morphing into three-dimensional challenges. The question before brands and businesses is: What is an effective way to navigate this labyrinth to create a safe digital environment for their customers? Consider the following five steps to get started:
- Recognize cybersecurity as a major risk. This is the first step toward addressing the larger challenge. Attaching financial value to a potential risk helps raise awareness at a board level, which is key to bringing about fundamental changes to enterprise-wide strategy and policies that govern cybersecurity.
- Prevention is better than a cure. This is possibly the oldest cliche in cybersecurity. But, if we are talking about the democratization of digital tools and a virtual world full of nontechnology-minded technology users, this is a good place to begin — not only because it creates a culture of security first among the primary users, but also because embedding it in an organization’s DNA makes it that much more effective and robust.
- Look at the big picture. Include suppliers, vendors and everyone else on a value chain to create a watertight environment for brands to operate in. Besides minimizing points of ingress, this also enables brands to track every input that goes into a finished product — all the way from its origin into the customers’ hands.
- Invest in emerging technologies. AI can help extract actionable insights from data that can enhance a brand’s responsiveness and defense against breaches. Additionally, machine learning capabilities enable systems to self-learn, which can be used to automate actions and initiate emergency protocols to prevent damage from a potential breach.
- Consolidate the cybersecurity function. Consolidation under the purview of a CISO enables better visibility and coordination among various functions and divisions within an organization. The ability to look at cybersecurity as a horizontal function enables a better convergence between IT and operational technology systems, which can be better defended than a siloed approach.
The bottom line is that the digital age is here to stay, so a new approach to cybersecurity is the need of the hour. Besides a more value- or output-focused framework to assess risk, the involvement of non-IT leaders is a prerequisite to visualize a holistic picture from a business perspective. The manner in which enterprises handle cybersecurity could very well determine the leaders and laggards in the years to come.
About the author
Vishal Salvi is CISO at Infosys. He is responsible for the overall information and cybersecurity strategy and its implementation across Infosys. With more than 25 years of industry experience in cybersecurity and IT across different industries, Salvi has extensive management and domain experience in driving transformational cybersecurity programs, delivery and sales in all key areas.