COVID-19 changed our day-to-day lives. As customers and employees, we’ve quickly become used to using virtual and digital services in nearly every part of our daily routines. Many business leaders quickly transformed their business models, pivoted to digital channels and accelerated already planned technology rollouts (such as the move to cloud).
But in the flurry of accelerated transformations and agile implementations, organisations may have introduced vulnerabilities and exposed themselves to a growing number of risks across their business.
What’s more, since COVID-19, there’s been a seemingly never-ending stream of organised cyber-crime groups ready to exploit potential weak spots in new and old systems, including ruthlessly playing on uncertainties and fears over the virus.
The pandemic has brought with it the realisation that some organisations weren’t as secure as we thought, and KPMG’s recent Global Digital Transformation Survey* highlights how leaders increasingly see business protection as a priority issue and area for investment. Three-quarters of organisations say that increased security risk is an organisational priority over the next six to 12 months following COVID-19, and two-thirds plan to increase their investments in data security over the next year. In both instances, these were ranked as the number one choice.*
Taking on trusted transformations
In the past, organisations commonly perceived their security functions as obstacles to progress. This perception should be put to rest. With digital journeys happening faster than ever before (and 63 percent put creating intelligent and agile services and technologies as a top priority*), I hope to inspire organisations to embrace security as an enabler.
I’ve seen organisations succeed in taking on this challenge, and the best leaders are pragmatists. They not only treat cyber security as a key to their future success, but also look to engender client and customer trust in their cyber resilience, in their protection of sensitive data and in the transparency of their approach.
How to move forward
In a dynamic global risk environment, organisations should make sure they’re best positioned to succeed in the new reality. If you plan to invest in business protection, there are a few things to consider with an eye on trust and growth:
- Rethink culture with security by design: Organisations are shifting their development models to be more agile, so they should now adapt their approach to security. Enter security by design, a pragmatic approach that considers security as foundational to any new business initiative and builds trust at every level. Businesses should look to break down barriers between security, IT, operational technology and business-facing functions, and promote resilience by design across the enterprise. I’ve seen organisations do this well, and the leaders I’ve seen be best at this are pragmatists. They’ve been able to clearly articulate the risks to executives and tackle them with practical solutions (not perfect but sufficient). I’ve seen a new pragmatic relationship grow between the chief information officer (CIO) and the chief information security officer (CISO). It has helped them move quickly to new operating models and supported the creation of a more effective business.
- Make security unobtrusive, but robust: Every business interaction is an opportunity to build trust by embedding the right security and privacy controls. And as people have changed their daily routines and activities due to COVID-19, those controls should also evolve to deal with new patterns of fraud and exploitation. How do you help create and maintain trust in how customers are interacting with a service? It’s about trying to make the customer journey easier and nudging them toward more secure behaviours, backed by education and a respect for how you handle their personal information.
For example, some organised cyber-crime groups are reusing user passwords stolen in data breaches. Multi-factor authentication (e.g. using an authentication app or going through additional security checks) can protect users and customers against this attack. When done with care, multi-factor authentication can be seamless, tailored to the risks around the transaction — and inspire confidence in the security of the service.
- Backup and restoration: I’ve seen ransomware attacks scale up as attackers exploit remote working environments. Sophisticated ransomware attacks can cause large-scale encryption challenges and data loss, so a backup strategy is key. It’s well worth thinking through the worst-case ransomware scenarios and how you can restore your business, protect your brand and safeguard the interests of your customers and clients.
Ultimately, cyber security has the potential to support and build lasting trust between people and organisations. KPMG firms can help you create a resilient and trusted digital world, even in the face of evolving threats. That’s because they bring a combination of technological expertise, deep business knowledge, and creative professionals who are passionate about helping to protect and build your business. Together, let’s create a trusted digital world, so you can push the limits of what’s possible.
* Source: A commissioned study conducted by Forrester Consulting on behalf of KPMG, April 2021.