Cybersecurity – An unexplored view, beyond privacy, risk management & safety

In this article we’d like you to consider the benefit of looking at Cyber-security beyond privacy, risk management and safety in order to consider the value of elevating it for strategic business value.

By Alok Patel and Lani Refiti

Managing risk thereby providing safety from effective cybersecurity (Cyber) is a fundamental requirement in this day and age. Where privacy remains an ethical, legislative, and regulatory imperative for data (and information systems) ensuring the integrity of operations because of Industry 4.0 technologies is no less important (but perhaps is more critical in terms of the likely impact). Yet, whilst the criticality of the integrity of operations is important, industry spending in Cyber is set to slow[1].

Why? For the most part, the easiest conclusion is that spending has not yielded an increase in confidence in a business’ ability to conduct its operations safely and without further threat of attack.

The chart above highlights just how complex cyber security is becoming – but also, as we believe – how powerful it could be if it is elevated to enhancing business – being moved to from the technology domain to strategic business value (strategy). As a Gartner report[2] stated,

“Society treats cybersecurity like a black box of technology. And security people are treated like wizards. Execs give them some money, the wizards cast some spells, and if something goes wrong … somebody made a mistake and … I guess we need some new wizards.”

Activating Strategic Value for Business

Whilst a business is always responsible for profitability (and as a separate note, capable of adopting responsibility for better social, environmental and governance – but that’s a whole other subject!).

Strategic business value is how we reference a business’ ability to increase a customer’s willingness to pay or access a new market (whether adjacent or a compliment to the business existing market).

With this inherent need to create (economic) value – why do we permit risk or compliance to remain benign? Perhaps when we do things for compliance, the typical approach is to do the minimal needed to mitigate the risk, rather than the most relevant/appropriate to ensure effective and efficient operations (and thus value or benefit).

"When reporters asked Alan Shepard (Astronaut) what he thought about as he sat atop the Redstone rocket, waiting for lift-off, he had replied, 'The fact that every part of this ship was built by the lowest bidder.'

Acknowledging that the problem is complex and involves both technical expertise, executive support, and a Board of Directors (Board) mandate – we’ve framed the considerations (below) for shifting the application of Cyber to move beyond a governance role to also create value.

The task ahead for evolving Cyber to become more than a critical IT function to a competitive advantage will be a team effort.

This commences of a series of articles that challenge the premise and value of Cybersecurity for industry experts, executives, and boards as we go deeper into our perspective on the industry and its ability to create value. For the time being, we hope that this might lead to elevating conversations and helping support the mandate for cybersecurity as a strategic business function.

[1, 2] The Urgency to Treat Cybersecurity as a Business Decision

Authors

Alok Patel (@alokdocpatel)

Alok is a, 'Future of Cities (Smart Cities, emerging technology and infrastructure),' thought explorer. His gift and strength that allow him to formulate pragmatic vision(s) inspires managers to see greater potential to bring economic prosperity and positive social and environmental impact.

Alok is a positive and driven business executive who has developed his leadership skills over 15 years across the military (Australian Army), management consulting, real estate, and private equity/venture capital. He has developed successful strategies (from corporate initiatives, programs and projects) that create value through emerging technology investments and digital transformation. He is an out-of-the-box thinker whose creativity centres on business models that harness technology and the talent of motivated teams that yearn for greatness. He has worked across large capital assets transactions valued over AUD$4bn, led complex transactions and managed projects with net value worth over $100mil.

Lani Refiti (@Lanirefiti)

Lani is a long-time cyber security specialist with expertise in the area of business technology and management consulting, amassing over 20 years' experience in emerging technology adoption - IoT & A.I, risk/cybersecurity, startups and building and leading highly successful teams. He advises several startups in the areas of technology and business/market strategy and serves as Chief Executive Officer of IoTSec Australia Inc, an industry advocacy and research initiative to promote secure practices in the IoT ecosystem (www.iotsec.net.au). 

Lani has a keen interest in personal and applied leadership and hold a Masters, Psychotherapy (M.Gest.Therapy) with a focus on emotional intelligence as a catalyst for effective leadership and influencing organisational change.