Securing the Digital World

Expanding the Digital Risk Conversation

Aug 11, 2019 | by Heidi Bleau

Digital transformation is the foundation of business transformation today. As organizations race to innovate, compete and find new ways to deliver value to their customers, digital transformation requires rapid changes in areas including processes, technology and, perhaps most profoundly, how people collaborate.

According to the Dell Technologies Digital Transformation Index, a survey of more than 4,600 global business leaders, 78 percent indicated digital transformation has been slow and should be more widespread within their organization. This is due to several persistent barriers, according to respondents, with cybersecurity and data privacy topping the list above budget, resources and expertise. This is hardly surprising as organizations struggle to address the risks brought on by digital transformation.

Technology is being developed and adopted at lightning speed, bringing with it a multitude of unfamiliar risks. In their efforts to understand and address the risks, organizations are required to undergo cultural changes that will help them overcome the barriers to more rapid digital transformation. These changes include investing strategically in technology, developing in-house digital skills and talent, fostering a culture of collaboration and making digital goals part of business objectives.

Cultural change in support of digital transformation starts with getting risk and security teams to collaborate more effectively. We still see the security vs. risk division in play every day, with those who are responsible for managing business risk tending to focus on the potential of digital transformation to advance the business, and those who are responsible for security being more likely to focus on its potential to jeopardize the business. Who is right? The answer, of course, is both.

Cultivating the ability to align the conversation between risk and security teams so they are both speaking from the same podium is the first step toward widespread digital transformation. This is why RSA developed its Digital Risk Index tool, which is designed to help security and risk professionals expand the conversation about digital risk with their leaders and peers, and to give them insight into where various parts of the organization are in their understanding of digital risk.

Another challenge in achieving cultural change involves successfully promoting the idea that digital risk is a business risk and elevating the conversation about it to the board level. In the Deloitte 2019 Future of Cyber survey, 77 percent of CISOs reported that cybersecurity issues are on their board's agenda at least quarterly. This is a sign of progress, but there are still many questions. Who else is involved in delivering that message to the board? Is the CRO, or even the CFO, part of that conversation? Is the message that organizations are prepared to quantify digital risk, or are risk discussions still largely driven by regulations and compliance?

Cultural change also requires the right people at the helm, but the lack of consistency in reporting structures can be crippling. According to the Deloitte survey, in some organizations, the role of the CISO is strategic, reporting directly to the CEO. In others, it is still viewed as an operational role reporting in through various functions including the CIO, the CTO and even the head of compliance.

The success of digital transformation, and the success of managing the risks it brings, will largely depend on communication and collaboration, to ensure the right stakeholders are involved and the digital strategy is agreed upon and embraced across all business functions. As Deloitte puts it, "To drive effective execution of a cyber risk program, executive management needs to structure their cybersecurity leadership team to drive communication and implementation of security across the enterprise and have both the authority and expertise to do so."
