Our new remote work reality has made it crucial for businesses to have robust cybersecurity systems. There has been explosive growth in the industry along with significant investments in cybersecurity measures.
However, as many quickly scaled these efforts, it is apparent that simply investing in cybersecurity will not be enough. Strategic considerations will need to be made to allow for better digital infrastructure and risk mitigation practices. Below, we assess the landscape and answer some commonly asked questions around risk, budgets, supply chain and more.
Companies should be assessing and rebuilding their infrastructures now
It is important to know where you are on the spectrum regarding risk management and how best to mitigate it. If a company has little to no background in technology or cybersecurity, it is vital to partner with a third-party entity for a strategic perspective. If you are debating whether your business needs this level of attention, consider how cyber threats are currently being handled. This can involve investigating industry-specific security threats, evaluating how to handle company data correctly, and reviewing past cybersecurity issues.
It is important to understand the different requirements necessary for robust cybersecurity risk management and governance. Moving forward, how businesses govern, identify, detect and respond to risk will be crucial to managing cybersecurity needs. Businesses also need to make sure that their material technology supply agreements contain appropriate security compliance provisions that lay out in clear terms the various cybersecurity requirements for their technology partners.
CISOs and CFOs must work together to improve their digital infrastructure
For cybersecurity, prevention is better than the cure. Naturally, CISOs will look for more budget to support cybersecurity requirements and preventative measures. There need to be healthy conversations with the CFO, as these will be significant asks. CFOs need to keep in mind that cutting a CISO’s budget could lead to increased risk, and if that risk manifests itself, you’ll end up paying more with a breach.
When CISOs and CFOs review significant budget questions related to cybersecurity, we see the value in enlisting a focused cybersecurity service provider to undertake a robust maturity assessment. This is a crucial step in making informed decisions, as the provider can identify and report the gaps and areas of focus in the short term and help navigate businesses through a crowded landscape.
Given the changes in the market, we are now seeing pure-play niche cybersecurity firms being used more frequently, as opposed to more generalist technology service providers. Both CISOs and CFOs must ask themselves: is this an option for us? If so, what type of investment will it take?
Cybersecurity contracts, provisions, and budgets are becoming more robust
The exposure from ransomware attacks is considerable, and resolving them is a complex task. We have observed that more companies are beefing up cybersecurity provisions in technology supply contracts due to the claims and costs resulting from a breach. With insurance provisions and security policy, it is important that the risk and sourcing teams work closely together to ensure supply agreements contain appropriate provisions.
The trend is for suppliers to expect an increase in requirements in terms of the total dollar value relating to cybersecurity insurance provisions, with examples as high as hundreds of millions of dollars. Another feature in cybersecurity risk management is the requirement for a specific security policy document in the schedule to an agreement that calls out various items that suppliers need to subscribe to. This would include content such as a primary objective statement, an obligation to undertake a risk assessment, the implementation of specific organizational security measures, and various other compliance requirements.
Strategic cloud cybersecurity will bolster a company’s supply chain
There are so many supply chain issues in the market today, including shortages, peaks in demand and unpredictable lead times, all alongside the global volatility of the labor market. Cybersecurity attacks are becoming the biggest culprits in supply chain breaches, which start with sub-par cloud infrastructures.
As many companies move to the cloud, they will have to continue to manage legacy infrastructure, which comes with complexities. The mistake or flawed assumption is that the cloud will solve all cybersecurity risks. That is not the case – it has to be strategically strengthened. Cloud protection certainly helps, but companies also need to have organizational responsibility to make sure they are managing risks end to end in their supply chains.
Companies need to ensure they have resilience in supply contracts to mitigate the costs, and have compliance in place with supply chain partners to ensure they have the appropriate rigor.
IT investment will continue to rise
COVID-19 has emphasized the essential role that smart IT investment plays in business performance. Proxima’s Finance Leaders Outlook 2021 Report revealed that both US (74%) and UK (72%) finance leaders say that IT investment has risen significantly as a budget priority due to the pandemic.
The past year has propelled IT to the top of many agendas, and this C-suite priority is here to stay in 2021 and beyond.