Everyone’s talking about digital transformation. The reality is that today no organization can afford not to have a digital strategy: it’s a battle for survival as well as a race to be first. With technology advances moving at the speed of light, organizations must adapt and keep up or fall behind. And no-one wants to be the next Kodak.

According to a European Commission study last year, 75% of companies in the region see digital as an opportunity, but only 44% have adopted at least two of the seven key transformation technologies highlighted. Even worse, just 16% had adopted cybersecurity solutions.

Security-by-design

The truth is that cybersecurity is the foundation on which all good digital transformation projects should be built. It must be agile and adaptive; designed into every service from the very start. Yet new global research from NTT Security has revealed deficiencies which are hampering firms’ efforts and increasing cyber risk and breach related costs.

Our 2018 Risk:Value Report is conducted every year and therefore gives us a handy view of how trends are changing over time. Compiled from interviews with 1,800 global business decision makers, it’s offers an interesting snapshot into how information security is understood by companies around the world.

Trust me, I’m digital

It reveals that decision makers are most concerned about the loss of customer confidence (56%) and damage to brand and reputation (52%) that can result from a breach. This is understandable, considering the importance of trust in the digital world. New technologies like blockchain, IoT, AI and autonomous vehicles will fall flat if partners and customers can’t trust their providers.

Especially in the IoT world, cyber attacks could cause life-threatening scenarios, such as hackers remotely controlling a connected vehicle. That makes stories such as the recent discovery of multiple vulnerabilities in BMW cars particularly troubling — for manufacturers and their customers.

Trust is a fragile thing and hard to recover once lost, making cybersecurity-by-design a necessity. But breaches can also have huge direct financial implications. Our report finds that recovery costs have risen from under $1m in 2015 to over $1.5m today. That’s on top of the average revenue drop forecast by global firms at over 10%.

Confidence creates risk

Unfortunately, that’s not where the bad news ends. The report also reveals a lack of cybersecurity insight and awareness among decision makers, which is creating a dangerous over confidence in their ability to withstand attack. Almost half (47%) of respondents claimed they had not been affected by data breaches — a worryingly high figure given the complexity and covert nature of attacks today. Some 12% were more realistic in claiming they weren’t sure, an average driven up by the one in five (22%) in the UK.

Picture: Extract of the global Risk:Value Results

This lack of insight is fueling a misplaced notion that they’ll be safe in future. A third of respondents said they don’t expect to suffer a breach, yet less than half (48%) claimed to have fully secured their critical data. This kind of disconnect is a dangerous thing in cybersecurity — in fact, it has the potential to derail digital transformation completely.

On the positive side, firms are getting better at incident recovery, with 57 days now the average time it takes global organizations to get back on track after a breach. But of great concern is that cybersecurity still seems to be treated as a reactive tool rather than an enabler of digital transformation and growth which should be built in proactively from the start.

Look out for the second part of this blog post which will look closer at this reactive mindset. In the meantime, download our Risk:Value Report here.