The UK leads the way in adopting digital business and technologies. One eighth of the UK’s GDP comes from the digital economy – the highest in the G20. In July 2016 Britons spent an estimated £10.7 billion shopping online. We have the highest percentage of internet usage of any G7 economy and UK digital industries grew two and half times more quickly than the economy as a whole between 2003 and 2013.
What a great success story and one that is sure to continue in the UK…but we need to increasingly understand, be responsive and resilient to the risks that come with the digital age. The most pervasive and least understood of these risks is from cyber-attack. Risks that can fundamentally impact any successful business – its reputation, competitive advantage or operational stability – at any time.
It seems clear that many businesses are suffering from ‘cyber’ fatigue – they’re tired of constantly being told how attacks will stop their business in its tracks, particularly if they themselves have had little or no experience of what these attacks look like and what the impacts can be.
I would suggest that the ‘cyber’ word itself is doing nothing to aid business understanding and response. One dictionary definition of cyber is: ‘relating to or characteristic of the culture of computers, information technology, and virtual reality’. This seems clear in itself but when we want to talk about the business risks we all face from cyber-attack it ignores the critical involvement of effective leadership and the ‘human’ factor as 90% of all successful breaches succeed because of human error.
Cyber means different things to different people. It’s a word that creates confusion and attitudes that restrict the effectiveness of any response to the risk. Ask any board director what they understand by ‘cyber’ and compare their answers with someone in risk management, someone in information security or someone working the service desk. You may well find it difficult to align or connect their answers. So how can any effective strategy and response be built around these widely different perceptions?
Cyber typically also conjures up threats, attackers, defence and increasingly war. It has far too many negative connotations. Being in business means growth, providing products and services that meet a need, and building trust and reputation. We need new language. To balance our ongoing digital transformation I propose we need ‘digital resilience’ – a critical factor in the success of any organisation now and in the future. Digital resilience needs to be regarded as an integral part of the strategy and mission of any business and for me digital resilience should be centred around our people.
As Tom Farley, President of the New York Stock Exchange, said in his introduction to ‘Navigating the Digital Age: the definitive cybersecurity guide for directors’ and officers’ in 2015:
“It is important companies remain vigilant, taking steps to proactively and intelligently address cybersecurity risks within their organisation. Beyond the technological solutions developed to defend and combat breaches, we can accomplish even more through better training, awareness and insight on human behaviour. Confidence, after all, is not a measure of technological systems, but of the people who are entrusted to manage them.”
The balance between seizing the opportunities and managing the digital risks your organisation faces. The balance between your people, processes and technology as each needs to play their role in any integrated and enterprise-wide response to better protect your most precious and valuable information assets. And collaboration is the key to success – collaboration between the leadership team and their risk, security and technology teams as well as collaboration with other key business stakeholders (comms, PR, marketing, legal, procurement) to ensure you’re well placed and prepared for a breach as and, almost inevitably, when it happens.
The impacts of not effectively balancing your digital transformation with effective digital resilience have already been keenly felt by too many organisations. So let’s stop focusing on the ‘C’ word and start to make digital resilience the critical business enabler it should be.