Joe Gittens, Director of Standards, Security Industry Association
The physical security industry has joined other business sectors in fully embracing the age of digital transformation. As innovative ways of accessing, creating and processing information radically change the expectations of customers, enterprises are spending vast resources on their digital transformation strategies. While this fast-paced technological revolution is proving to add value to the top and bottom lines of businesses, attention to cybersecurity needs to be baked into the process – and cybersecurity is often overlooked by those companies that are beginning this journey. The Security Industry Association has joined business and technology leaders such as HP, Baker McKenzie and The Wall Street Journal in supporting a first-of-its-kind research study, The Cybersecurity Imperative. The study, conducted by independent research company ESI ThoughtLab, collected data from a wide sample of over 1,300 global companies to provide cybersecurity benchmarking on how organizations are tackling cyber challenges by focusing on people and technology while in the throes of the new industrial revolution.
You cannot go to an industry trade show or read the trade press without being inundated with messages about the rise of new technologies such as artificial intelligence, the blockchain, open application platforms and the Internet of Things. While the business potential of these technologies is obvious, The Cybersecurity Imperative found a strong correlation between the digital maturity of a business (identified by maturity on the National Institute of Standards and Technology framework) and its cyber risk exposure. Particularly frightening, the study showed that over half of the companies that were digital leaders on the business end were not cybersecurity leaders. This combination of rapid digital expansion and lagging cybersecurity posture could be a powder keg, and the problem is expected to grow: new technologies mean new vendor partners. While only one in five businesses is currently concerned about the likelihood of being attacked through partners and vendors, that number rises to 70 percent when organizations are asked if they see the same as a risk they will have to deal with in the next two years.
It’s not all doom and gloom; the research also goes into detail about what companies are doing correctly to keep cybersecurity on pace with digital maturity.
- Education is key; 87 percent of companies reported that general staff represented the greatest cyber risk within their organizations. More cyber-mature organizations invest in continuous training that bakes security into the culture of the organization, not only a quick onboarding.
- Investment is crucial; however, even more important is a well-rounded and evolving investment strategy. Too much investment in technology without investment in skilled cybersecurity talent is a recipe for disaster; however, the reverse is true too – not even the most skilled cybersecurity talent can function effectively without the right tools of the trade.
- Engagement is necessary. This engagement should be at the C-suite and board levels. Companies should consider recruiting leaders with information technology and cybersecurity expertise. An organization must ensure that the leadership team is given a clear picture of cyber preparedness, improvements in risk identification and knowledge of the cyber talent/technology portfolio of the organization.
The impact of cybersecurity incidents is disruptive – to operations, finances, and reputation. The stakes are too high for organizations to not have well-rounded cybersecurity plans in place connected to their overall digital maturity. Business leaders must embrace network security just as readily as they embrace new avenues of digital customer interaction, and The Cybersecurity Imperative shows that they are not alone in this journey.
About the Author
Joe Gittens is the director of standards for the Security Industry Association. In this capacity, he is the staff liaison in direct support of the various technical efforts underway in the SIA Standards subcommittees and working groups. Joe provides leadership in assessing and educating SIA members on emerging technologies that require the industry’s attention – advancing the continued convergence of physical and information security. He was recognized as a 2016 American National Standards Institute Next Generation Standards award winner for his work with SIA and liaising with other standards development organizations. Joe holds degrees in mechanical engineering and economics from the University of Virginia and spent his early career performing technical research in various fields ranging from information technology to financial services.