Digital transformation? Don’t bother unless you plan to address risk
Migrating to digital plains brings a host of new threats to your door that if left unaddressed will curb DX benefits
One specific motivator of such initiatives is the opportunity to eliminate risks that stem from legacy processes, but at least in the short term, the variety of digital transformation brings forth new pressures which are altering organisation’s risk profiles.
That’s because digital transformation is a catalyst for change. As workflows migrate to the digital realm, organisations are met with a host of new threats which affect their risk profile. This is demonstrated in RSA’s 2020 Digital Risk Report, which includes findings from a study conducted across the globe which asked the question: ‘How has your organisation’s risk profile changed over the past two years, due to its digital transformation?’ Respondents also reported how they expect their risk profile to change over the following two years.
The results are in. In Western Europe 87% stated digital transformation is expanding their risk profiles due to new or increasing risk. The principle is a simple one: as an organisation’s digital surface area expands, more things come into contact with it.
Over the following two years, this statistic is expected to drop by a fraction, yet the unpredictability and ubiquitous nature of cyber risk could mean a greater period of time must elapse before risk profiles truly settle in the wake of digital transformation. What’s more, these patterns are similar globally, with North America and the APJ region yielding equally startling results.
There exists an ongoing tug-of-war. On the one side are the digital transformation initiatives essential to modern-day business survival, pulling enterprises towards success; on the other are the risks such initiatives simultaneously cause.
Digital transformation must dig in its heels to win the match, something that can only be achieved if management teams keep a close eye on both ends of the rope.
Build your risk profile
While risk profiles may more traditionally refer to health and safety, taking the time to identify what risks your digital transformation will unearth will allow your organisation to avoid them.
An organisation’s risk profile is comprised by evaluating the variety of threats faced. Numerical values are assigned to variables, quantifying the threat level each poses. The risk profile is closely associated with the risk appetite; that is to say, the amount of risk an organisation is willing to take on. Balancing the two is the key to ensuring digital transformation initiatives prove to be a success.
Here, organisations must ask themselves what threats a digital transformation initiative will come into contact with, and whether they are manageable or too hefty a meal for their appetite.
For instance, will transitioning from physical data centres to a cloud provider be too great a shift in controls? If you cannot afford the protocols that ensure cloud security, your appetite is too small and the initiative should, for now, be put on hold.
How to manage risk
Building a risk profile allows the organisation to identify where their security and risk management is lacking, and subsequently expand their capabilities in these areas. RSA’s 2020 report found that respondents indicated a desire to invest in risk management solutions proportional to the extent of digital transformation. With your risk profile in front of you, management can ensure that they spend the right amount on the right things to elevate initiatives.
This proportionality is indicative of the desire to keep pace with the rapid change that comes part and parcel with digital transformation. Effective digital risk management can keep digital initiatives on schedule, and ensure their effectiveness; conversely, retrofitting controls after implementation is generally much more costly and less effective.
There is no avoiding that a crucial element in managing risk is an expansion of resources. A flexible budget is necessary to handle the risk landscape’s rate of change. Expertise must be invested in to oversee security measures including threat detection and response, network security, and vulnerability management.
Managing risk isn’t solely about tackling the negative symptoms caused by digital transformation; instead, organisations must focus on the cause, namely, the initiative itself. Balancing the costs and benefits of initiatives, both in isolation and as part of wider movements, is the most effective method of addressing risk profiles that are threatening to spiral out of control.
While digital transformation is essential in the modern-day, too much of a good thing threatens to negate its benefits.
Digital document processes in 2020: A spotlight on Western Europe
The shift from best practice to business necessityDownload now
Four security considerations for cloud migration
The good, the bad, and the ugly of cloud computingDownload now
VR leads the way in manufacturing
How VR is digitally transforming our worldDownload now
Deeper than digital
Top-performing modern enterprises show why more perfect software is fundamental to successDownload now