Cybersecurity is the first key step in digital transformation journeys, with 41% of UK technology leaders identifying it as an enabler of innovation within their organisation, according to research commissioned by Telstra.
In the aftermath of the Covid-19 pandemic, the UK experienced unprecedented levels of digital transformation. At the same time, an ever-evolving threat landscape means that security risks are on the rise, leaving organisations facing the difficult task of balancing rapid digitisation with security. In fact, senior technology decision-makers in the UK identified cybersecurity solutions (22%) as the most important factor affecting business transformation, ahead of business processes (17%), employee commitment (16%), leadership focus/buy-in (14%) and external investment and funding (13%). The findings suggest that security is no longer an afterthought, but actually the first key step in digital transformation journeys.
Although clearly essential, investment in security technology alone is not sufficient. People and culture are also critical. This is recognised in the culture that UK senior technology decision-makers are trying to create in their businesses. Eighty-three percent of respondents believe that they have an open security culture. For the purposes of this study, an open security culture was defined as “an approach to cybersecurity that values open dialogue and collaboration within a flat team structure, which avoids blame culture and encourages a transparent incident reporting process”. Other descriptions that rank highly include proactive (70%), collaborative (69%), transparent (68%) and inclusive (67%).
The research canvassed the views of 301 senior technology decision-makers - 151 who had suffered a data breach and 150 who had not. Of those who had not suffered a material breach, the most common characteristic used to describe the organisations’ culture was “collaborative”. At the same time, 75% of respondents agreed that removing silos and encouraging collaboration between business units reduces cybersecurity breaches. This highlights the critical need for decision-makers to foster a people- centric culture that enables better security, as well as business transformation, growth and success.
The study also reveals that senior technology decision-makers widely acknowledge the human risk element impacting their organisation’s cybersecurity resilience, with 29% recognising human error as a key factor. Other people-related factors, such as the hybrid working model (27%), a lack of security awareness across the wider business (26%), staff burnout (26%) and skill shortages (25%), are also amongst the most significant issues when it comes to organisational cybersecurity. When asked which events are most likely to cause a lapse in cybersecurity within their organisation, situations in which team members were stretched or below full strength, such as new staff onboarding (36%), team illnesses (34%), and absence of managers or team leads (31%), ranked highly. Non-employee related factors included major sporting events (36%), public holidays (35%) and nice weather (31%) also ranked highly. The findings suggest that, while security threats are a constant danger, security management and leadership must be receptive to outside distractions on the performance of their staff to mitigate risk.
Speaking about the findings, Rob Robinson, Head of Telstra Purple EMEA, said:
“CISOs are continuously adapting to keep pace with the ever-changing threat landscape. Today, the evolution of the role means that CISOs now play a crucial part in shaping the security strategy of their organisation from within the board. The question now is how they can entrench security best practices and behaviours within the workforce in order to facilitate the digitisation that is required to keep pace with modern expectations for innovation.
“Our research shows that most decision-makers recognise the importance of security in enabling innovation. It is therefore essential that security becomes engrained into the organisations’ DNA as they continue their digital transformation journeys. The other side of this coin is the critical role of culture in enabling better security, as well as business transformation, growth and ultimately the success of the business. By focusing on people and actively creating a collaborative, proactive, transparent and inclusive culture, organisations can empower employees to deliver value for the organisation through flexible, adaptable and innovative business transformation.”