Digital transformation? Don’t bother unless you plan to address risk
How has your organisation’s risk profile changed in recent years due to its digital transformation?
At no time has this been more keenly felt than in 2020. The COVID-19 pandemic has pushed down the accelerator on many an organisation's digital plans. The rapid growth of remote working has meant fast shifts to cloud platforms and the adoption of productivity and collaboration apps to keep staff communicating, even if they are far apart.
According to a recent McKinsey Global Survey of executives, company respondents said that they had accelerated the digitisation of their customer and supply-chain interactions and of their internal operations by three to four years. For those with digital or digitally-enabled products in their portfolios, that acceleration is by as much as seven years.
In addition, respondents said that they expect the majority of these changes to be long lasting. Many are already making significant investments to ensure that these digital transformation changes stick around for the long haul.
Outside of the pandemic, another specific motivator of digital transformation is the opportunity to eliminate risks that stem from legacy processes. However, at least in the short term, this will bring forth new pressures which will alter an organisation’s risk profile.
That’s because digital transformation is a catalyst for change. As workflows migrate to the digital realm, organisations are met with a host of new threats which affect their risk profile. This is demonstrated in RSA’s 2020 Digital Risk Report, which includes findings from a study conducted across the globe which asked the question: ‘How has your organisation’s risk profile changed over the past two years, due to its digital transformation?’ Respondents also reported how they expect their risk profile to change over the following two years.
The results are in. In Western Europe, 87% stated that digital transformation is expanding their risk profiles due to new or increasing risk. The principle is a simple one: as an organisation’s digital surface area expands, more things come into contact with it.
Over the following two years, this statistic is expected to drop by a fraction, yet the unpredictability and ubiquitous nature of cyber risk could mean a greater period of time must elapse before risk profiles truly settle in the wake of digital transformation. What’s more, these patterns are similar globally, with North America and the APJ region yielding equally startling results.
There exists an ongoing tug-of-war. On the one side are the digital transformation initiatives essential to modern-day business survival, pulling enterprises towards success; on the other are the risks such initiatives simultaneously cause.
Digital transformation must dig in its heels to win the match, something that can only be achieved if management teams keep a close eye on both ends of the rope.
Build your risk profile
While risk profiles may more traditionally refer to health and safety, taking the time to identify what risks your digital transformation will unearth will allow your organisation to avoid them.
An organisation’s risk profile is comprised by evaluating the variety of threats faced. Numerical values are assigned to variables, quantifying the threat level each poses. The risk profile is closely associated with the risk appetite; that is to say, the amount of risk an organisation is willing to take on. Balancing the two is the key to ensuring digital transformation initiatives prove to be a success.
Here, organisations must ask themselves what threats a digital transformation initiative will come into contact with, and whether they are manageable or too hefty a meal for their appetite.
For instance, will transitioning from physical data centres to a cloud provider be too great a shift in controls? If you cannot afford the protocols that ensure cloud security, your appetite is too small and the initiative should, for now, be put on hold.
How to manage risk
Building a risk profile allows the organisation to identify where their security and risk management is lacking, and subsequently expand their capabilities in these areas. RSA’s 2020 report found that respondents indicated a desire to invest in risk management solutions proportional to the extent of digital transformation. With your risk profile in front of you, management can ensure that they spend the right amount on the right things to elevate initiatives.
This proportionality is indicative of the desire to keep pace with the rapid change that comes part and parcel with digital transformation. Effective digital risk management can keep digital initiatives on schedule, and ensure their effectiveness; conversely, retrofitting controls after implementation is generally much more costly and less effective.
There is no avoiding that a crucial element in managing risk is an expansion of resources. A flexible budget is necessary to handle the risk landscape’s rate of change. Expertise must be invested in to oversee security measures including threat detection and response, network security, and vulnerability management.
Managing risk isn’t solely about tackling the negative symptoms caused by digital transformation; instead, organisations must focus on the cause, namely, the initiative itself. Balancing the costs and benefits of initiatives, both in isolation and as part of wider movements, is the most effective method of addressing risk profiles that are threatening to spiral out of control.
While digital transformation is essential in the modern-day, too much of a good thing threatens to negate its benefits.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now