Most organizations are now engaged in some form of digital transformation project or initiative, but security is a top concern for firms as they invest in new technology to grow business. This is according to Nominet’s newly released “Cyber Security In the Age of Digital Transformation” report.
Nominet surveyed 274 CISOs, CTOs and CIOs from large organizations across several sectors and found 93% reported their company is currently engaged in or planning to engage in a digital transformation project. A summary of the report noted it provides a “reality check” on where organizations are with digital transformation and how it impacts their security posture.
The research also found business leaders are looking to digital transformation to grow opportunities in new markets (53%), address evolving customer behaviors and preferences (52%) and meet evolving employee behaviors and preferences (48%).
Security Keeps Tech Leaders Up at Night
Despite the promise of digital transformation to drive business initiatives, security concerns are a primary worry for the tech executives helming the projects. Increased cybersecurity risks were cited by 53% of respondents as their biggest concern. Other concerns included rigid technology infrastructure (40%) and legal, risk management and/or compliance concerns (36%).
Digging into the security findings a bit deeper, respondents named multiple security concerns connected to digital transformation projects. Exposure of customer data was the largest area of anxiety, at 60%. Cybercriminal sophistication (56%) and increased threat surface (53%) round out the other top concerns.
Security a Latecomer
The report authors noted that it was disturbing to discover that many businesses fail mitigate threats posed by digital transformtion early on in their transformation projects.
Only a third of respondents reported that security was considered during the development of their organization’s digital transformation strategy (34%). Many reported their businesses were leaving it to either the pre-implementation stage (28%), the implementation stage (27%) or even post-implementation of the digital transformation strategy (9%). This is a mistake, said Cath Goulding, CISO, Nominet.
“With digital transformation you have to be sure that when you’re bringing in new applications, security is considered from the outset,” said Goulding. “More than this though, in a digital transformation project, the real trick is to manage the security considerations of legacy and new applications simultaneously.”
Shan Lee, CISO and DPO for Transferwise, concurred with Goulding in a reaction to the findings.
“For any IT project it is absolutely fundamental that security is considered from word go,” said Lee. “Otherwise, you end up trying to retrospectively fit security to a system and that results in gaps and vulnerabilities in the security architecture.”