How To Protect Businesses In The Digital Era

14 October 2019

An IT decision maker’s most important role is to oversee and strategically direct digital transformation efforts. In fact, according to IDC’s 2019 Digital Business Research, 91% of organisations have adopted, or have plans to adopt, a “digital-first” business strategy.

The top objectives for digital transformation include creating better customer experiences (67%), improving process efficiency through automation (53%), and driving new revenue (48%). Fulfilling these objectives will result in massive amounts of data, adding unprecedented complexity and risk to the business.

For Chief Information Officers (CIOs), this adds pressure to reframe their position on security in order to succeed in this digital era. So, what can be done to overcome these challenges and protect the business?

Security must not be an afterthought

While the focus is on generating revenue and business growth, security needs to follow every organisation’s digital transformation as closely as possible. Like technology, the approach to security must be collaborative.

There needs to be a paradigm shift to ensure that the security side of information technology gets a seat at the table and is included in all business decisions.

While security and compliance costs can be a barrier, especially when adaptation is required, it’s crucial for CIOs to recognise that the right level of investment is necessary. Otherwise business outcomes will be far worse than the initial cost of security.

Consider the barriers

Implementing a successful digital transformation means overcoming barriers, such as an insufficient digital vision and strategy, and not being hampered by data privacy and cyber security concerns.

Admittedly, the cost of data privacy is higher today than in previous years, due in part to new and growing compliance requirements, but do these security concerns have to be barriers?

Data privacy and security should be considered an enabler of any digital transformation. While security and data privacy practices must be maintained regardless of initiatives, it’s important to bear in mind that the focus on how sensitive data is anonymised is likely to shift. Intelligence, like Personally Identifiable Information (PII), will become even more expensive to maintain compared to traditional data.

Incorporating fundamental practices like two-factor authentication and vulnerability patching will become even more integral to overall security hygiene.

Challenges abound

The Cloud and Internet of Things (IoT) are helping businesses to accelerate the pace of innovation, driving greater productivity and efficiency, and capitalising on new economic models.

However, the associated technology can cause significant disruption. For example, the introduction of bring your own device (BYOD), smart offices and internet-facing back office systems has revolutionised the way CIOs work, as well as the impact they have on an organisation.

This revolution is changing IT, moving the department away from a purely operational overhead to a centralised revenue-generating function critical to the business.

More organisations are adapting and utilising this type of centralised revenue strategy, cognisant of the large amount of risk this strategy brings.

A Dell Technologies survey highlighted that 48% of business leaders believe that the more dependent we are on technology, the more we have to lose in the event of a cyber attack.

Risky business

In addition, there are several systems that were not designed with the internet in mind. For example, the legacy systems in banks and financial institutions were not intended to be IP accessible from the internet. When these systems are inevitably brought online, they introduce a higher security risk.

Consequently, security risk is heightened by the countless number of tools available to people in order to improve efficiency.

Some carry out activities independently, using openly available development and runtime environments sanctioned by IT, to create new business applications.

However, these people typically lack an understanding of security best practice and unintentionally create insider threats and an even greater headache for the CIO.

Containing security threats

Threat prevention is of critical importance, as reflected in most organisations’ abundant investment in security controls and processes.

However, threat prevention on its own is not enough.

Cyber threats can bypass defences, compromise IT assets and lead to extensive damage. In addition to threat containment, organisations are investing in threat detection and response software that includes Artificial Intelligence (AI) and Machine Learning (ML) detectors to help improve situational awareness across the business.

One of the biggest security challenges of the digital era is automating the remediation of threats in a way that continually drives more efficiency, shortens cycle time, and decreases the cost of remediation.

This can be achieved using an advanced solution that monitors activity across Cloud, network, endpoint and business devices. With this type of solution, CIOs can fast-track detection and response with software-driven responses for common containment use cases, reduce false positives, and focus limited resources on defending against real threats.

For organisations in the midst of digital transformation, CIOs need to source innovative solutions to protect the business, while creating a solid strategy for people, processes and technology aligned with the business’ strategy.

At a time when the most successful enterprises are increasingly digitally native, the CIO will continue to play a central role in corporate cyber protection.

This article was written by Cyber Collective Partner Secureworks’ Ian Bancroft, Vice President and GM EMEA



  • Sarah Stephens

    As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

    Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

    Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

    For further information or to learn more about cyber insurance, contact Sarah Stephens, Head of Cyber, on +44 (0)20 8108 9541.
