Before we delve into the importance of cybersecurity, it is important to re-orientate ourselves with the current state of cyber-risks the world is facing today.

One of the key risks companies face in an increasingly data driven ecosystem, is a ransomware attack. Ransomware was predicted to be a $1 Billion industry by 2018 but in 2021, it already cost the world $20 Billion. It is predicted that over the next 10 years, ransomware will be a quarter trillion Dollar industry.

Cybercrime has evolved from individuals, to groups, to syndicates. Today, it has become an industry and economy of its own, with the advent of ransomware-as-a-service (RaaS) and the popularisation of initial access brokerages. This means that today, the opportunity to make money from cybercrime is as easy as purchasing access through a brokerage, subscribing to a RaaS platform, and taking aim at a target, with the service provider taking a small cut of the ransom payment.

One of the top three targeted industries is financial services thanks to the fact that it is rich in the most valuable commodity in the world – data. Without continued focus on driving digital transformation and data-driven decision making, being left behind is guaranteed. The beauty of microservices and cloud computing is that it’s fast and scalable. However, by having an increased digital footprint in the form of cloud technologies, SaaS, API’s and various 3rd party and vendor interconnects, organisations have increased their exposure exponentially, often without realising it due to the common misconception that the cloud is inherently secure. This might explain why the number one reason for security breaches in the cloud are caused by simple misconfigurations, brought about by inherent trust in the services to be secured by default. Without the requisite governance and controls, risk exposure scales with cloud computing just as rapidly.

The impact of such attacks and breaches cannot be overstated, especially when it comes to the reputational harm and loss of consumer confidence – and that’s before the financial impact of recovery and remediation efforts, subsequent fines and class-action lawsuits that often follow.

Ultimately, data and digital transformation are key competitive differentiators and should be treated as such. Protecting digital assets and the IT environments in which they reside should be top-of-mind. Securing these should be a principle of organisational operation and a strategic imperative. Therefore, cybersecurity should not be seen as an IT problem, but be pursued as business opportunity, with representation and inclusion at board and strategic level.

It would be prudent to see costs of information security, governance, risk and compliance as a strategic investment in future proofing the business rather than a grudge spend.

Companies that take cybersecurity (and consumer data privacy) seriously because customer trust is a priority, have a unique and competitive advantage in the markets of tomorrow. Consumers of tomorrow will be even more demanding and more discerning than they are now, and will have a lot more options.

As for businesses that are deciding who to partner, tender and integrate with - consider cyber resilience as a deciding factor to reduce 3rd party risk exposure and ensure compliance with a rapidly evolving regulatory landscape.

Many businesses are exploring alternative revenue streams after the pandemic and managing 3rd party risk effectively is becoming more important and more complex than ever, with many organisations simply walking away from deals and prospects when the risk is too high. Cyber resilience will be an enabler for potential business ventures and offer an increasing advantage in the business environment of tomorrow.

It’s also critical that organisations, as part of their digital transformation journey, build on resilience capabilities and not just security. It is not a matter of if, but when a major incident will occur. When that happens, how quickly and effectively can the business bounce back and ready itself for the next attempt, while still ensuring proper servicing of customers and acceptable levels of business operations?

The time has come to embrace the benefits of cyber resilience as a competitive advantage instead of treating it as a compliance check-box exercise. The more resilient an organisation becomes, the better its chances of survival and success in the digitally enabled and data-driven future.