Cybersecurity – An unexplored view for Boards: Beyond privacy, risk management & safety
In part two of our series we discuss, “Strategic business value,” and how cybersecurity is a platform for developing trust through a consistent (and higher) level of integrity (of operations). In particular we focus on what matters to the Board of Directors (Board).
Strategic business value is how we reference a business’ ability to increase a customer’s willingness to pay or access a new market (whether adjacent or a compliment to the business existing market).
Cybersecurity (Cyber) is a contemporary challenge for Boards and their obligations to define strategy, and although cybersecurity is synonymous with risk management, Boards often do not have a holistic appreciation of the risks and potential challenges (and opportunities) it presents.
However, “Directors should treat their organisation’s online assets with the same level of care and attention that they pay to their organisation’s real-world assets. Both are inextricably linked,” writes Rachael Falk, CEO Cyber Security Co-operative Research Centre, AICD.
Cybersecurity in 2021 will need to be approached more holistically rather than merely a technology risk to be treated functionally. Businesses must manage the need for governance, risk (with compliance) whilst remain competitive. But competing alone isn’t even enough…
Strategy: Compete to Win
Professor Michael Strategy, Harvard Business School, is often quoted saying 'strategy' is used promiscuously. He defines strategy as, “a long-term set of choices (to help you win in a given market).” And we couldn’t agree more – and yet, you will struggle to find many 'strategic plans' or 'strategy on a page' that clearly define the conditions to win (not just participate).
How Boards should view Cybersecurity
We propose two distinct ‘business’ traits for Cyber. First of all, integrity – which ensures that information and devices can be dependable for operations, planning and decision making/authorisation which aligns with articulation of a “Strategic Business Value Proposition.” Secondly, establishing trust in a brand/non-tangible assets for your organisation – whilst aspects of trust are garnered through effective communications of breaches to your business, higher integrity operations form a strong basis of establishment of trust.
Separating the Value Proposition from Cyber Operations
Cyber operations can be defined as the programmatic approach to cybersecurity or BAU (business as usual) that organisations apply to maintain day to day operations. It is the confluence of people, process and technology in a programmatic fashion to meet the stated cyber risk tolerance of an organisation and is built on a strong risk and governance approach (along with compliance where required).
Key business characteristics to reframe:
- Expect all executives to set condition statements that include parameters on how (Cyber) integrity is key to delivering objectives;
- Define strategic value proposition (Conditions for winning)
- Lead technology executive (CTO, CIO or CISO) to characterise where and how integrity (of Operations) supports Strategic Value Proposition
- Re-align Cyber as part of organisational culture (similar to safety)
Depicted in the graphic below, Cybersecurity could be measured as a strategic value proposition (SVP) rather than a cost (to do business). Executives should recognise the difference(s) in alignment (between cost and value proposition) to increase an organisation’s product/service to demand a higher 'willingness to pay' (tangible value).
Summary - The Role of Trust
The opportunity to reframe Cyber for strategic business value is attainable and potentially hugely beneficial. It involves a key collaboration between board and executives and would be of value being injected into your upcoming strategy retreats/corporate planning sessions.
In an Australian Company Director’s Article, “The Role of Trust,” described trust being multi-faceted. One of the key roles was in its role in supporting predictability/reliability. And it is this characteristic that we believe is key to better utilising Cybersecurity. When information or operational assets are being hi-jacked or cannot succeed as designed, then trust is eroded – something critical for business in the modern age.
Authors
Alok is a, 'Future of Cities (Smart Cities, emerging technology and infrastructure),' thought explorer. His gift and strength that allow him to formulate pragmatic vision(s) inspires managers to see greater potential to bring economic prosperity and positive social and environmental impact.
Alok is a positive and driven business executive who has developed his leadership skills over 15 years across the military (Australian Army), management consulting, real estate, and private equity/venture capital. He has developed successful strategies (from corporate initiatives, programs and projects) that create value through emerging technology investments and digital transformation. He is an out-of-the-box thinker whose creativity centres on business models that harness technology and the talent of motivated teams that yearn for greatness. He has worked across large capital assets transactions valued over AUD$4bn, led complex transactions and managed projects with net value worth over $100mil.
Lani is a long-time cyber security specialist with expertise in the area of business technology and management consulting, amassing over 20 years' experience in emerging technology adoption - IoT & A.I, risk/cybersecurity, startups and building and leading highly successful teams. He advises several startups in the areas of technology and business/market strategy and serves as Chief Executive Officer of IoTSec Australia Inc, an industry advocacy and research initiative to promote secure practices in the IoT ecosystem (www.iotsec.net.au).
Lani has a keen interest in personal and applied leadership and hold a Masters, Psychotherapy (M.Gest.Therapy) with a focus on emotional intelligence as a catalyst for effective leadership and influencing organisational change.