Digital risk – balancing risk and innovation
More and more companies nowadays are investing in building capacity to promote digital development. By contrast, many businesses are neglecting to invest resources in security-related matters. Here we discuss what the approach should be when it comes to IT investments and the digital risk that arises.
When your organisation invests in digital technology, it is important to set up procedures to ensure that such investments are not lost because of inadequate security. Over the past year, 82% of large and medium-sized companies have invested more in cyber security. Smaller companies have also increased their investments, but they do not have the same internal competence as bigger organisations. There is currently high demand for training courses and programmes to implement procedures for security work. With regard to something as key as cloud services, it is the shortage of knowledge that makes it difficult for businesses to understand the risks. Here are a few measures that make it easier to balance risk and innovation:
Draw up a business case
IT investments require a carefully prepared business case. This should not only provide financial base data, but also show that there is a plan for the projects that the business will be taking on. It is important to make sure that there is a good specification of requirements, project management and cost control for all large projects. The aim is to minimise costs in terms of both finance and time. Just as important as having a carefully prepared business case is following up continuously on the base data on which the business case rests. For smaller companies, this may involve someone with expertise in security lending a hand by looking closely at security aspects and company-specific issues.
Invest in backup and safeguards
To make sure that the money invested in IT infrastructure is secured, it is also important to have backup solutions. Without a backup, your organisation is exposed to a serious risk if data is damaged or stolen. Under the 3-2-1 rule, the business keeps three complete copies of its data, with the backup copies on two different kinds of media and one copy stored off-site. This enables organisations to continue their daily work without data being lost. Digital breaches are often not as immediately visible as physical ones, which makes it important to have a safeguard in the form of a VPN with 2FA – two-factor authentication – based on the concept of Zero Trust. This provides good protection of company devices and networks.
Make sure that the IT strategy is rooted in the business’s overall strategy
Balancing risk and innovation also means that you must understand what digital transformation means for the overall strategy. Studies have shown that the most mature companies have established active collaboration between risk, security, IT, and different business units. They have an overarching understanding of the changes that need to be made at an operational, technical, and cultural level, and a coordinated approach to the measures that must be taken, and in which order.
If the IT strategy and the overall strategy do not match up, there is a major risk that the investment will prove expensive. Costs often arise as a consequence of delays or when people fail to foresee risks, which in turn results in the value of the investment being lost.