Implementing Digital Transformation Without Stressing The Cyber Security Team

Communicating With Stakeholders And Designing For Outcomes With Cyber Policies

Jeff Orr

Cyber Policy In Digital Transformation

Cyber-attacks are a reality for every organization because of the increasing reliance on digital systems, application and processes. The damage from a cyber-attack can have long-lasting impact on an organization.

The role of building and maintaining a critical infrastructure security program falls upon the IT department and a specialized team chartered with protecting systems, personnel and sensitive company data.

Designing Company Cyber Policies For The Desired Outcome

The security team cannot do its job alone. An effective CISO will build relationships with stakeholders to extend the security posture beyond the actual security team. The outcome is reduced cyber risk for the entire organization.

Individual employees have a role in maintaining the security of company data as well. Many organizations use the HR onboarding process for new employees to define sensitive company data and convey policies for mishandling information. However, without strictly following these policies, including the termination of repeat offenders, employees may never hear about the data policy until they leave the organization.

Both the HR and security leaders are likely contributors to the organization’s policy on sensitive data definitions, data security management and enforcement. Together, they can prepare awareness materials for educating the workforce on the security posture and identify security awareness training opportunities.

See Related: Sharing Stakeholder Knowledge Between Enterprise Cyber And HR Executives

How To Communicate With The Organization’s Stakeholders

The stakeholders within the organization can include executives, advisors, and line of business management. How to communicate effectively with the various stakeholders should be approached with an eye towards understanding the needs of your audience. In many instances, this means how each part of the business values security. Common ground can be found through examination and tracking of key business measures and objectives.

Frequent review of these measurements to discuss the most significant vulnerabilities is a means to build relationships and communications channels with stakeholders. Whether it be the risk, compliance, audit or legal team, cyber risk is consistently defined, measured and reviewed.

Digital Transformation Is A Stressful Exercise For Cyber Security Teams

Digital transformation is adding stress to cyber security programs that are already challenged to keep pace with employees engaging with new technology and applications, and therefore requiring authentication.

See Related: World Economic Forum: 4 Reasons Why Passwords Are Becoming A Thing Of The Past

As more digital solutions are implemented, the risk to the organization increases by opening up new and evolving cyber threats. Without the cyber team involved in the planning and risk assessment process for digital transformation, additional stressors are added to the security prioritization challenge.

“Organizations, even when they can afford the expenses, tend to see cyber security as a cost and not an investment that brings value to the business," said Cloud Security Alliance (CSA) Executive Vice President for APAC Dr. Lee Hing-Yan during a Management Development Institute of Singapore (MDIS) conference panel. “It is thus important for companies to undertake risk assessment to analyze the potential business losses in the event of not having cyber security in place.”

See Related: Workforce Well-Being In The World Of Cyber