Too many firms have head in cybercrime clouds - Michelle Hawkins

A great deal has been written about the power of cloud technology to innovate and transform the fortunes of an organisation, but even as the headlines are dominated by cybercrime, there can be a chasm between firms ready to talk about cloud and online security as part of the same conversation and those who are not.

Michelle Hawkins, managing director for Accenture, Scotland
Michelle Hawkins, managing director for Accenture, Scotland

Rapid cloud adoption has helped cost reductions, new product or service development and customer satisfaction for businesses as diverse as financial services through to hospitality. If they are not cyber resilient, however, growing with confidence is surely in jeopardy.

And there’s the rub. According to our research, despite firm belief in cloud, 32% of those questioned say that security is not part of the discussion from the outset and they’re trying to catch up. Another 81% reveal that “staying ahead of attackers is a constant battle and the cost is unsustainable” compared with 69% in 2020.

Sign up to our Opinion newsletter

The Accenture State of Cybersecurity Report 2021[2] found that there were on average 270 attacks per company over the past year, a 31% increase over 2020. Third-party risk continues to dominate, with successful breaches to the organisation through the supply chain having increased from 44% to 61%.

In response, IT security budgets are now up to 15% of all IT spending, which is equivalent to 5 percentage points higher than reported in 2020.

The survey of nearly 5,000 executives across 18 countries and 23 industries also underlined the knotty relationship that can exist between cloud and security. The complexities of cloud security, governance and compliance were often seen as barriers, while an overly rigid focus on achieving business growth highlighted the potential for a resource allocation problem, with a consequential lack of internal skills to structure a proper cloud security framework, opening the door to cyber threats.

The Scottish tech community is also at the forefront of moves to share learnings, increase awareness and collaborate for the greater good, as evidenced by the winners of the Scottish Cyber Awards, the Scottish Cyber Innovation Hub, the Scottish Business Resilience Centre and the work of forums such as Women in Cyber.

What we are seeing, as a consequence, is a growing recognition that cloud not only achieves the desired business results quickly, but also that it provides a framework for threat mitigations. Identify the threat early, and a single fix is effective across the system.

From government agencies and SMEs through to financial services institutions looking either to move operations on to the cloud or to create new services from scratch based on the technology, our experience is that the early integration of digital and cyber security expertise helps in delivering the desired impacts. Keeping up the momentum from talk to implementation is critical.

Indeed, elevating the role of the Chief Information Security Officer (CISO) was revealed as one of the major determining factors between ‘Cyber Champions’ and what we termed ‘Risk Takers’. When the CISO took a seat at the boardroom table there ensued a balance between achieving business objectives and understanding where cyber resilience fitted into the overall strategy.

From the outset, baking cyber resilience into a cloud business model helps organisations to introduce innovations securely across the value chain, strengthen customer trust and create the foundations for sustainable growth. Without that foundation for cyber resilience companies would be at greater risk and have higher costs of cybersecurity.

Furthermore, given that remediation can be 30X the cost of prevention, once a ransomware attack or similar happens, one of the biggest challenges when it takes down an enterprise environment is understanding priorities. What is the most important system to recover in your network? What does your revenue rely on? What’s most critical to your operations? A cyber resilient organisation would have anticipated these scenarios and tested their ability to respond.

With an accelerated shift toward using the cloud, it is important to drive full value from it. When moving to the cloud, therefore, organisations should seize the opportunity to reassess their security priorities early in the process. Security cannot be allowed to become a significant barrier to cloud discussions – nor can it be something for later. In the ever-present threat of cybercrime, it is imperative. Cloud security can enable better business outcomes by being fast, frictionless, scalable, proactive and cost effective.

Michelle Hawkins, managing director, Accenture, Scotland

 0 comments

Want to join the conversation? Please or to comment on this article.