Rebalancing security and business innovation post-pandemic

Avatar for Jay BarbourBy Jay Barbour|Jul 13, 2022|7:30 am CDT

The past two years were all about accelerated digital transformation. Now, the pendulum is swinging in the opposite direction, with governance phases requiring companies to circle back and address security protections overlooked during the fast-moving pivots of the pandemic.

For many mid-market information technology (IT) leaders, security needs to play catch-up. But it’s more than just that. It’s time to rebalance the relationship between security and digital transformation and put security back in a proactive role.

Since 2020, necessity has been driving digital transformation. COVID-19 demanded new business models, creating a “storming” phase of change. In lieu of going out of business, executives had no alternative but to put cybersecurity considerations on the back burner and mobilize guerrilla IT to keep the business running. Rush-ordered solutions created new risks:

Moving through the “norming and performing” phases of 2021 and 2022, mid-market companies are now trying to patch the gaps left in the wake of rapid change.

The dangerous yet necessary game of playing catch-up

Recoil is common when innovation outpaces security. The effect can be described as security “pumping the brakes” on transformation. In the worst case scenario, companies slam on the brakes after a security breach or ransomware incident, but more often they pump the brakes after concerned stakeholders call for a security risk assessment. Either way, action is taken to assess risk, manage exposure and put controls in place. Several studies highlight today’s security rebound.

Playing catch-up can cost businesses dearly. When a remote worker was a factor in causing a data breach, the cost went up by $1.07 million, making the total $5.31 million on average. Companies can potentially find themselves taking on everything at once — updating security while simultaneously paying ransomware attackers and emergency response teams. For these reasons, catch-up is considered a dangerous game, but IT executives shouldn’t point fingers or stress about it. COVID-19 left no option. Course correcting now — before the data breach — is still an honorable win.

How to put checks and balances in place

If an organization doesn’t yet have a formal security program, start with these steps.

  1. Reassess security with remote work as a given. Yesterday’s band-aids will remain the long-term strategy with employees working beyond defined perimeters using their own devices.
  2. Initiate a cyber risk assessment. Identify priorities based on risk and business objectives, understanding where to focus now and in the future.
  3. If the organization has more than a few hundred employees, the business needs at least one dedicated security resource who is given the authority to challenge recklessness. Without an empowered owner, the security program rarely materializes because business decisions overrule risk mitigation.
  4. In combination with a risk assessment, use the available cybersecurity frameworks to identify needed controls and practices. Act with urgency and prioritize — don’t expect to do it all at once.

Rebalancing security and innovation

Ideally, security should never be catching up with innovation; it should be in sync or out in front of the business strategy. It is time to recalibrate.

Processes are needed to ensure security and innovation are always working in tandem. Here’s how to restore balance.

Using security to be future-ready

Change is certain, and digital transformation must be constant for businesses to adapt and capitalize on new market conditions. But innovation can easily become a disaster when security is out of balance. The confidence of being future-ready stems from security preparedness, control and enabling rapid change. These are necessary to counterbalance every type of transformational risk. The key is to have smoke detectors, fire doors and sprinkler systems alongside fire inspectors and professional alarm monitors — not to be calling in the fire trucks after the house is already on fire.

Interested in how Managed Security can improve your business?

Call us now to arrange a consultation (866) 588-5885.
Or arrange for a consultation through our request form.