Every industry is going digital, some faster than others. The media sector is almost entirely digital; sectors like healthcare and transportation, less so. But the overall trend is clear: Every facet of our professional and personal lives is going digital. As a cybersecurity professional, you can get on board or get out of the way, but shouting “stop” is futile.
That’s the underlying premise of a new article from McKinsey, “Cybersecurity: Linchpin of the digital enterprise.” It lays out a difficult truth for cybersecurity teams, and highlights areas where progress is being made.
Here’s a big problem: The business and development teams value speed and functionality above all, and the operating models used by many cybersecurity organizations often slow things down. Development teams get frustrated when it takes time to design secure architecture, review code and configure environments. When development and cybersecurity teams aren’t aligned, business opportunities are missed. Often vulnerabilities grow, as development teams bend rules to work around security rules.
Where’s the progress being made in supporting businesses’ digital aspirations? McKinsey highlights three areas:
quantitative risk analytics to improve decision-making;
making cybersecurity a core feature of every data exchange with suppliers, customers and employees;
creating a more flexible, responsive, and agile cybersecurity operating model to support the broader effort of making enterprise technology fast and scalable.
Enterprise IT is evolving fast. The cybersecurity function is racing to keep up and struggling to adapt. It’s still early in the journey. The mandate requires balancing two seemingly contradictory goals: to become more and more capable of protecting companies and at the same time quickly supporting the aspirational activities of the business and IT teams.