Recalling the saying, “It’s not a matter of ‘if,’ but a matter of ‘when’,” when it comes to cybersecurity, isn’t pessimistic. On the contrary, it’s fairly realistic. Technology developments are a gale that is constantly changing not only how we live but also how we are. With great advancements come great challenges too. Cybersecurity is one of them.
Although the waiting for the vaccination seems endless, the COVID-19 spotlight will slowly fade and someday fall into oblivion. Cyberattacks, on the contrary, will be around for an undetermined time. What no one can deny is how, in a matter of months, the teeny-tiny virus has greatly made the number of cyberattacks skyrocket.
Nevertheless, and as odd as it seems to state, cybersecurity, and the people working in organisations to keep them safe, have something to thank COVID-19 as well. We’ll get back to this later on.
Talking about cybersecurity is a vaster topic than just cyberattacks, and its various forms that are growing in sophistication and dangerousness. It’s about 5G and geopolitics, the internet of things and smart cities, artificial intelligence, the all-mighty mobile technology and likely every single new technology that’s connected to the network.
But at the core, the true transcription of cybersecurity regardless of the technology or the means, is digital trust. Business-to-business, business-to-consumer, business-to-people, machine-to-machine, machine-to-people all of them need trusted relationships on their road forward.
Trust is slippery like soap; it’s elusive, and increasingly difficult to reach in the maze of misinformation, in a context where the reputation of people and organizations is unscrupulously manipulated. And access to technology, as odd as it is to state it too, has a lot to do with that.
The CISO—Chief information security officer, the DPO—Data Protection officer, the CEO, all of them are called to keep the business secure and data safe in the digital society.
Even if IT security is the usual suspect, there is the other one, the responsibility for forging digital trust, that silently sustains the business in the long run. The former isn’t a prerequisite of digital trust; on the contrary, it is a key pillar, like any regulatory, legal, societal, environmental or even geopolitical decision that the business makes impacting their stakeholders, digitally or analogically.
Cybersecurity needs to be considered as strategically, with a long term perspective in mind.
That was the focus of PwC Luxembourg’s Cybersecurity DayS 2020 – yes, for this opportunity with an “s”, because it happened between the 26 and 29 October, almost fully digital. This article has taken five ideas that resonated the most with us and turned each one into a sort of short fable. However, we don’t claim they are the only interesting ideas we learnt during the event! Cybersecurity and digital trust are subjects with many edges that make them especially interesting.
Cybersecurity and strategy
The importance of cybersecurity as being an integral part of their business strategy has been already around for a while. We’ll continue to advocate it.
What the COVID-19 crisis has highlighted is that businesses don’t need anymore ad-hoc or reactive-based strategies—including the one for cybersecurity—but rather to embed a culture of change as a strategic component of the organisation. We borrow the quote from Koen Maris, our cybersecurity leader, to emphasise this fact: “Change is good, adoption is better, but willingness to change is best”.
For cybersecurity plans to succeed, people remain the most important pillar, from the role they play in decision-making, people enablement and responsible adoption and use of technology, to acting timely on cyber threats and cyber attacks, and making the organisation resilient.
All that is possible when awareness actions, education plans and transparent communication take part in the cybersecurity plans that, ideally, should be orchestrated with a larger digital transformation strategy.
Every business story should, ideally, enhance positive reputation. Cybersecurity nowadays greatly influences brand sentiment, a precious and volatile intangible asset. Also, decisions that businesses make around subject matters that can affect the society and the security of a country or a region are also part of the cybersecurity equation. That’s the case, for instance, of telecommunication companies when acquiring new technology to improve their service capability. They should also consider the geopolitical and security implications of their decisions.
Top five ideas of the Cybersecurity Days 2020, turned into fables
If reputation was a currency and its exchange rate was subject to markets, it could possibly surpass the all time high price of bitcoin, especially during periods of crisis.
Sure, the costs of cybersecurity are rising, but they would hardly be more expensive than when your clients and stakeholders turn their backs on you because of loose attention to cybersecurity. Remember, the worst currency to pay in, is your business reputation.
COVID’s little help
The COVID-19 crisis is having unexpected side effects. And, like a balancing act of fate – allow us to use the expression this time – some of them are truly negative, but some are undeniably positive.
“Somehow, I’m grateful for COVID,” said Koen Maris, during the Cybersecurity DayS’ plenary session, “because it has heightened the awareness around cybersecurity”.” That’s a brave and bold statement!
To cybersecurity evangelists and advocates, this is arguably the first time that the board’s door is fully opened to them; the opportunity to get the board’s full trust in the role that CISOs, DPOs and their teams play when shaping not only the IT strategy but the business strategy of tomorrow. COVID-19 has changed the world, but it has heightened the awareness around cybersecurity too.
Let’s always bear in mind that the (increasing) use of technology brings, inherently, cyber risks.
What we think
Koen Maris, Cybersecurity Director at PwC Luxembourg
The COVID-19 crisis has made even clearer that we don’t need ad-hoc or reactive cybersecurity anymore. Rather, cybersecurity needs to be embedded in the organisation’s strategy to truly answer the challenges of a technology-driven world. The equation is straightforward: once you use technology, there will be, inherently, cyber risks. On the other hand, businesses must embrace change as a constant. Change is good, adoption is better, but willingness to change is best.
