We continue to live and operate in a world where misinformation, data breaches, cyber espionage, a lack of digital trust, political misuse of data and a general lack of a moral compass dominate the headlines. For companies the cyber topic is pivotal to success, especially when you consider the effort and investment made in adopting new digital technology and processes. Yet we find organizations still providing only hollow words on the topic of cyber risk.
The challenge for most Boards, executive teams and other leaders is being able to de-mystify the topic of cyber. This is naturally important in order to get the full attention of the decision makers. One of the reasons cyber is considered ‘mysterious’ is that it is invisible until the damage is done. The destruction that cyber events can cause can be compared to a war; some governments compare it to a nuclear war. Evidence will clearly demonstrate that our kids, our grandparents, organizations and communities are under attack. To some, this may sound dramatic and ‘hype-like’ until you realize that livelihoods are severely disrupted, and social progress is hampered.
Organizations play a pivotal role in our society and often are entrusted to act in a responsible and sustainable manner, as well as keep the employees and the communities safe. In the world today, I would argue that this trust is diminishing, and leaders need to step up and be responsible.
What should leaders do next?
In a recent Deloitte study, more than 80% of the companies in the industrial and manufacturing sector have seen an increase or significant increase of attacks over the last two years. We do not need more evidence to confirm we are under attack; leaders need to act.
- There is a plethora of cyber risks, and they are not limited to IT. They are pervasive in our production facilities and in the products that are sold. Leaders must drive an agenda of the ‘single source of truth’. In other words, when they ask ‘what is our cyber risk posture?’, they should ensure they receive a comprehensive response covering IT, plant/production and product (IoT, IIoT).
- We have all had those moments where we are listening to a cyber expert in a Boardroom and we appreciate the seriousness of the situation. But once that PowerPoint is done, the focus on cyber is lost, or rather it is delegated to the ‘cyber team/leader/CISO’. Perhaps an acceptable approach 10 years ago. Today it is crucial that cyber is seen and acted upon in a strategic manner. For example, look ahead (3-5 years) when budgeting for cyber and link it to how the future of the business will evolve, rather than looking at an annual cyber budgeting cycle.
- Individual Organizations can only do so much with limited resources to protect against the threats, especially those crafted by Nation-States and Organized Cyber Criminals. Choose your battles: intentionally choose where you will invest to protect the company and where you will accept a higher risk, then ensure you are fully capable of recovering when you are breached. Interestingly, in our recent Industrial & Manufacturing survey, more than 60% of organizations did not have a response plan to an attack.
- It is time that the ‘force for good’ ecosystem worked closer together, so organizations should consider collaborating in a meaningful way with peers, competitors, universities, Thought Leaders, and others to improve the management of the cyber risks, and seek efficiencies as well as economies of scale.
- Organized crime and Nation State attacks are on the increase, and the supply chain is becoming a key target to get to the destination of attack. Companies should collaborate in a meaningful way with their third parties to ensure the threats are managed all along the chain. It is not about imposing protocols and policies on third parties, but rather collaborating to find the best way to manage the risks.
- Rightfully so, there is an acute focus on climate change and promoting sustainability. To do it effectively there is no doubt that digital solutions and technology are going to be at the heart of change. Yet we are already noticing that when these new technologies are applied, cyber is not being considered. Naturally the attackers or criminals are taking full advantage of this.
Could cyber security be a competitive edge? The jury is out on this. But it is safe to say that organizations who are able to demonstrate that they can be trusted and can recover from a significant breach in a responsible and efficient manner will capture the market.
All in all, those who have adopted a responsible approach to managing cyber threats will win the customers’ hearts.
This blog post was originally published on Deloitte’s blog on 29 June 2021.