• As digital transformation of business picks up speed, cybersecurity increases in importance.

• Digital Transformation Officers must build cybersecurity into a company's organizational structure.

• Growing uptake of cloud services present a pressing security risk.

Embracing new technologies defines a company’s competitiveness on the market today, its efficient operation and its future development. As businesses go remote, many of them transfer their valuable data to the cloud – experts predict up to 60% will be using external provider services by 2022. This allows companies to tune internal communications, process and store larger amounts of data and deliver more value to customers.

The Digital Transformation Officer (DTO) plays the key role in managing the strategic approach necessary to successfully undertake such transformations. Part of that success means managing cyber-risk. In fact, the World Economic Forum, in its guidance to boards of directors, recommends that organizational design supports cybersecurity. The DTO has significant responsibility in making sure this important obligation is met.

Among IT initiatives worldwide, digital transformation is a leading priority.
Among IT initiatives worldwide, digital transformation is a leading priority.
Image: Statista

Investments in digital transformation are projected to reach $1.78 trillion in 2022. In this regard, the DTO plays the key role – their task is to drive the company’s digital transformation by ensuring seamless integration of novel technologies into business operations. This mission is complex and does not only mean introducing new software and hardware. It is about full revision of internal and external processes, training of staff, and, perhaps most crucially, implementing new approaches to security.

The need for the effective cybersecurity is growing in parallel with the increasing digitalization of work processes. Over the past two years, many industries have seen a substantial rise in security incidents.

Cyberattacks are rising across multiple sectors worldwide.
Cyberattacks are rising across multiple sectors worldwide.
Image: ENISA

Unless a DTO pays sufficient attention to security, one incident may disrupt the whole strategy of a company’s transformation and future development, bringing enormous financial and reputational damage. For example, in 2021 the average cost of a data breach has risen to $4.24 million, the highest in the past 17 years.

The main challenge for a DTO is not only to take a company to new heights through digital transformation, but to ensure that transformation is sustainable. This means she or he must ensure continuity of the company’s processes and not let a single cyberattack disrupt operations. With that in mind, cybersecurity becomes an integral part of every digital transformation strategy.

We recommend DTOs consider the following trends:

1. Securing digital assets

Moving to remote work revealed a lot of challenges and new risks – one in five companies were not ready to ensure stable business processes in case of failures in their IT infrastructure. To stay on the safe side, a DTO should manage a detailed inventory of digital assets. This will point out the most important resources that require protection in the first place, be they data, network repositories or workplaces; it may also reveal a wide range of unaccounted assets that could appear during digitalization. BI.ZONE research shows that 60% of data leaks and 85% of network compromises are linked with such assets. These incidents may disrupt the company’s daily operations. To avoid that, the digital assets need to be accounted and secure.

2. Cloud security

Moving to cloud offers companies significant flexibility as well as potential security benefits. Still, there are certain challenges, most commonly when a company becomes dependent on only one cloud service provider, e.g. due to specific data storage formats. In the event of vendor lock-out – if the service provider goes bankrupt, leaves the market, or suffers a cybersecurity incident itself – all the company systems in the cloud will be unavailable. In light of these challenges, the DTO needs to have a deep understanding of how their company is using and securing the cloud. It is important to learn in advance what solutions and formats are utilized by the supplier, as well as their compatibility with formats by other vendors, and to assess the cybersecurity level of this supplier. A DTO can arrange this internally or hire third-party IT experts for help.

3. Developing skills to operate novel technologies securely

Recognizing the human factor in digital transformation may offer significant benefits. Digital transformation requires new skills both from technical and non-technical specialists. Human mistakes and lack of knowledge often lead to cyber-incidents, notwithstanding a company’s investments into expensive security means. BI.ZONE research shows 80% of successful cyberattacks utilize social engineering methods. Therefore, a DTO can reduce the risks of incidents by promoting regular trainings for every employee and top management on how to work safely in the new digital reality.

4. New approaches to cyber-incident management

If any crisis strikes, the company should be ready at all levels to keep the operations going. A DTO should work closely with the company’s Chief Information Security Officer (CISO) to improve and regularly update business continuity and incident response plans, and to promote regular crisis-management trainings for all company members, including the board. Also, it is important for a DTO to be aware of the latest trends, and to test and introduce new methods of incident management. For example, there are managed detection and response services that foresee proactive approach to threats, or threat intelligence for building better security. Smooth introduction of these approaches may require specific experience and supervision of experts.

5. Outsourcing cybersecurity tasks

As digital transformation is an ongoing process, these tasks are complex, require substantial investments and may turn out rather difficult for a company to deal with. Besides, businesses are facing a deficit of qualified personnel – the global shortage for cybersecurity specialists has hit 3 million. Today there are expert organizations that help companies to go through digital transformation securely. They possess the required experience and capacities, the expensive equipment and software, and are aware of the tendencies within the field. They can also help to address cybersecurity issues and avoid common mistakes.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Digital transformation is a challenging but manageable task. It is important for a DTO to work as a team with the CISO, senior leadership, and the board and to stay tuned with the rapid changes in business and technologies. Addressing all the elements in a cross-functional way and prioritizing cybersecurity will facilitate secure digital transformation and ensure your company’s stable development for years to come.