Digital transformation: 4 post-pandemic security priorities

Amid pandemic-related disruption, security has become inseparable from digital transformation. Consider these priorities for building trust with colleagues, customers, and regulators
261 readers like this.

Businesses are at a crossroads on their journey to recover from the COVID-19 pandemic. Budgets are tight, but sizeable investments in digital transformation are needed. Companies continue to face the complex challenges associated with enabling a remote workforce, shifting their business model to overcome supply chain disruption, or embracing a new digital platform for the first time.

For many companies, the rapid adoption of new technologies to support these transformation initiatives – full-stack cloud, virtual desktop interfaces, identity-based segmentation, and more – has left little time to test new processes or fully address the new threat landscapes they are now confronting.

Vulnerabilities and risk exposures with existing systems within the organization must be proactively remediated from the start, prioritized by the level of threat they pose as well as the value they would add in enabling the adoption of new technologies. Companies are increasingly seeing cybersecurity as non-negotiable – inseparable from digital transformation.

[ Read also: How to beat digital transformation fatigue and Digital transformation: 5 ways COVID-19 is forcing positive changes. ]

Here are some thoughts from my team on how and why the following focuses in cybersecurity will pay off, and where cyber is headed in the coming months and years.

1. Build trust internally

Integrating the security function into the larger business will create an environment of trust internally as well. To succeed, executives must:

  • Meld their security and business strategies. Especially as new technologies are strategically adopted in response to COVID, cyber must be a partner in the journey.
  • Bring CISOs into the fold early when new technological endeavors are being considered rather than when they are already underway.

Indicators from our latest Digital Trust Insights Survey are encouraging, with more than 50 percent of CISOs and CIOs reporting an increase in their communication with the board and C-Suite.

2. Build trust with consumers

As the pandemic has moved so many aspects of work and life online, consumers are increasingly expecting an additional emphasis on cybersecurity and responsible data use. Companies will need to demonstrate that their investments in cybersecurity infrastructure and data storage and collection will be able to meet this growing consumer demand.

Beyond that, organizations will need to show how they not only met but exceeded the bare minimum required by regulators in order to win over consumer trust. And lastly, data privacy and security are increasingly becoming priority items in most organizations’ ESG agendas. The only way to make all this happen is to integrate security protections into all aspects of the business.

[ Get answers to key digital transformation questions and lessons from top CIOs: Download our digital transformation cheat sheet. ]

3. Build trust with regulators

Good cybersecurity is also a matter of compliance, as regulators increasingly demand more transparency and proactivity. CISOs should be working with legal and public communications teams early and often to help build the narrative for regulators on how their data collection and storage methods go beyond expectations for protecting consumer and employee privacy.

The extent to which CISOs can demonstrate to regulators that they are operating securely and transparently will determine how they are regulated in the years to come.

The extent to which CISOs can demonstrate to regulators that they are operating securely and transparently will determine how they are regulated in the years to come.

US Federal: Regulators are closely observing companies’ pandemic preparedness, continuity, and operational resilience.

US State: The state of California is expected to build on its landmark CCPA privacy legislation with a new measure – the California Privacy Rights Act (CPRA) – up for referendum this November.

Europe: EU courts recently invalidated the Privacy Shield – which had been used for years to enable personal data transfers between the EU and U.S. – setting the stage for immense disruption to international businesses. CISOs will be key in helping companies put in place additional privacy measures to satisfy EU regulators.

4. Build resilience for the next crisis

Security teams were often not included or brought in late for past digital transformation projects, leaving both the teams and their companies underprepared and unequipped for the massive operational shift that came with COVID-19. The companies that incorporated security into their pre-pandemic moves are faring best in today’s environment.

The companies that incorporated security into their pre-pandemic moves are faring best in today’s environment.

As companies continue to accelerate into the cloud to facilitate remote workforces and provide agility and scalability quickly, security teams will need to work double-time and in tandem with teams across their organizations to catch up, first acting as risk mitigators for rapid digital transformation and eventually turning into business enablers whose impact will be felt long after COVID-19 has passed.

These teams will help build resilience by finding answers to the following questions, in preparation for the next crisis:

  • How do we ensure a seamless experience for our customers?
  • Where are our most important assets/services?
  • How are we protecting critical data?
  • Who gains access to our network and how?
  • What controls must we update to function in a predominantly remote work environment?

In uncertain times, cybersecurity remains a constant

CISOs, security teams, and companies face an uncertain economic future, an increase in cyber threats and vulnerabilities due to remote work and forced shifts to online platforms, and a quickly evolving regulatory landscape. Through all of this, the trust of their customers, employees, and regulators is at stake. For these reasons, even as resources become increasingly scarce, investment in cybersecurity has never been more important.

Organizations that commit to robust and integrated cybersecurity capabilities will find it to be a differentiator, positioning them as safer and more trustworthy than their competitors. But most importantly, a strong commitment to cybersecurity will enable companies to emerge stronger and better prepared to handle future large-scale disruptions.

[ Culture change is the hardest part of digital transformation. Get the digital transformation eBook: Teaching an elephant to dance. ]

Sean is a Principal in PwC’s Advisory Practice, where he is the US and Global Cybersecurity and Privacy practice leader.