Why companies ignore cybersecurity in digital transformations

At RSA 2019, Emily Mossburg of Deloitte explained the challenges companies face when it comes to cybersecurity.

Why companies ignore cybersecurity in digital transformations

At RSA 2019, TechRepublic Senior Editor Alison DeNisco Rayome spoke with Deloitte's Emily Mossburg about the challenges companies face when it comes to cybersecurity. The following is an edited transcript.

Alison DeNisco Rayome: I know Deloitte recently released its future of cyber survey and you found that 95% of executives admitted that they have faced a bunch of different types of cyberattacks in recent years that have impacted their business. Can you tell me some of the top takeaways from that study and if that figure is at all surprising to you?

Emily Mossburg: The figure around incidents isn't surprising, but one of the things that was surprising was the alignment of cyber spend related to digital transformation. Everybody focused on and talked about their focus on digital transformation, but when we asked about the spend of cyber related to digital transformation, less than 10% of those that we surveyed were spending more than 10% of their budget on aligning their cyber initiatives to their internal digital transformation efforts. I thought that was really telling in terms of where we are on the adoption curve of cyber and really integrating it into the organization in the way that it needs to be.

Alison DeNisco Rayome: Why do you think organizations are kind of slow to be adding it into the budget in this kind of way?

Emily Mossburg: I think that there are still a lot of foundational things that organizations are trying to do as it relates to cyber. Prioritization is one of the largest challenges that they have related to their cyber program. I think a lot of it is really related to how do they prioritize. Do they have all of the foundational elements in place, and how do they think about this in a go-forward way. I think that we will see more and more adoption related to this in the coming years, but I think we're just not quite there yet.

SEE: Network security policy template (Tech Pro Research)

Alison DeNisco Rayome: What are some of the other top challenges that you find businesses are facing when it comes to cybersecurity right now?

Emily Mossburg: Third parties and the broader ecosystem. Cyber right now is in everything that we do. Organizations ecosystems are growing and expanding as we're more connected, as we move and change our business models. I think understanding their risk as it relates to their third parties and having all of the appropriate controls and monitoring and contracts in place as it relates to those third parties is another area that we continue to see organizations struggle with.

Alison DeNisco Rayome: What are some things that CIOs and CISs can do in terms of next steps to make sure they are prioritizing and getting cybersecurity in the right place?

Emily Mossburg: I think a lot of this comes down to do the CSOs have the right level of authority and responsibility and accountability within the organization? Do they not only have a seat at the table, but are they interacting with the stakeholders the way that they need to? Are they really integrating into the business initiatives? I do think that that's something that CSOs need to think about as we go forward.

SEE: Incident response policy (Tech Pro Research)

Alison DeNisco Rayome: Do you have any tips for CSOs in terms of gaining that seat at the table and ways to start working more with the business side?

Emily Mossburg: Networking in all of this is always key. Understanding who it is that you want to spend time with, understanding who the influencers are, and really having a strategic plan as it relates to spending time with those people, getting on their agendas and some of their meetings. I think that it's really, it's about talking to people and understanding what their initiatives are and I really think that over time that will happen.

Alison DeNisco Rayome: Great. Any other words of advice for security professionals moving forward into 2019 for things they should be looking out for or ways to be handling cybersecurity?

Emily Mossburg: There's so many. One of the things that I would focus in on is as we're transforming, as we're shifting our business, making sure that we have a seat at the table from an innovation standpoint. Making sure that you're tied in with your product managers, with those that are driving innovation and that you are talking to them during the conceptual phase of new ideas, of new products, of new services.

Also see