Cybersecurity Readiness in the Age of Digital Transformation

An IDC white paper sponsored by BDO

There’s a disconnect between digital transformation ambitions and cybersecurity execution. Although organizations are investing in AI and other digital initiatives, an IDC survey of more than 400 leaders across seven countries finds only 40% of them integrate cybersecurity during the planning stage. As a result, cyber incidents frequently delay or derail key IT business projects, undermining time to value, eroding stakeholder confidence, and jeopardizing future competitiveness in an increasingly digital world.

Read the white paper

The survey also finds:

60% of organizations still fail to involve cybersecurity during the planning stage of their digital initiatives even though history has proven long-term resilience increases when cyber is engaged at the ideation stage and throughout the project.

The time to recover from cyber incidents exceeds seven days. With early detection, advanced planning, and testing, faster response and recovery are achieved, minimizing the impact of an attack.

The returns on increased investments in cyber fall unless there’s a focus on program maturity, disciplined execution, process optimization, and continuous evolution of the cyber program. As the business changes, increased spending alone doesn’t prevent incidents. Budgets need to be directed to the more impactful areas based on risk, and these allocations should be reviewed regularly to ensure their impact is maintained.

The risks of GenAI rise as adoption increases. The top concerns are a greater susceptibility to phishing and social engineering attacks, difficulty in securing IP or proprietary data used in GenAI models, and governance gaps in usage. To mitigate risks, organizations need to be more aligned on strategy and execution, and to ensure cyber is at the table to provide support early in the journey.

Although third-party risk was found to be one of the top three attack vectors, organizations cited it as their greatest weakness in cybersecurity controls, indicating that formalized third-party risk management programs are lacking.

There continues to be a misalignment between strategic intent and execution. Evolving cyber programs to adapt to changes in the business environment continues to hold organizations back. Traditional key performance indicators need to shift to outcome-based metrics for better alignment. Organizations are struggling with continuous evolution, anticipating future needs, and staying ahead of risks.

Future-proofing your cybersecurity program requires:

Continuous evolution

Ensuring your cyber program adapts to changes in your business, and to external factors which may impact your business.

Cyber tightly coupled to business and IT strategy

Companies need to understand where the business is headed in order to customize the cyber program and increase its effectiveness through engagement in all transformation projects from the start.

Measuring success

Effectiveness is critical and should be measured using outcome-driven metrics. Adjustments should be made quickly as needed to ensure your program is optimized for your business.