HomeDigital risk – balancing risk and innovation

Digital risk – balancing risk and innovation

More and more companies nowadays are investing in building capacity to promote digital development. By contrast, many businesses are omitting to invest resources in security-related matters. Here we discuss what the approach should be when it comes to IT investments and the digital risk that arises.

When your organisation invests in digital technology, it is important to set up procedures to ensure that such investments are not lost because of inadequate security. Over the past year, 82% of large and medium-sized companies have invested more in cyber security. Smaller companies have also increased their investments, but they do not have the same internal competence as bigger organisations. There is currently high demand for training courses and programmes to implement procedures for security work. With regard to something as key as cloud services, it is the shortage of knowledge that makes it difficult for businesses to understand the risks. Here are a few measures that make it easier to balance risk and innovation:

Draw up a business case

IT investments require a carefully prepared business case. This not only provides financial base data, but also needs to show that there is a plan for the projects that the business will be taking on. It is important to make sure that there is good specification of requirements, project management and cost control for all large projects. The aim is to minimise costs in terms of both finance and time. Just as important as having a carefully prepared business case is to follow up continuously on the base data on which the business case rests. For smaller companies, this may involve someone with expertise in security lending a hand by looking closely at security aspects and company-specific issues.

If the IT strategy and the overall strategy do not match up, there is a major risk that the investment will prove expensive”

Invest in backup and safeguards

To make sure that the money invested in IT infrastructure is secured, it is also important to have backup solutions. Without a backup, your organisation is exposed to a serious risk if data is damaged or stolen. The 3-2-1 rule guarantees that the business has three complete copies, two backup copies from different kinds of media, and one off-site copy. This enables organisations to continue their daily work without data being lost. Digital breaches are often not as immediately visible as physical ones, which makes it important to have a safeguard in the form of a VPN with 2FA – two-factor authentication – based on the concept of Zero Trust. This provides good protection of company devices and networks.

Make sure that the IT strategy is rooted in the business’s overall strategy

Balancing risk and innovation also mean that you must understand what digital transformation means for the overall strategy. Studies have shown that the most mature companies have established active collaboration between risk, security, IT, and different business units. They have an overarching understanding of the changes that need to be made at an operational, technical, and cultural level, and a coordinated approach to the measures that must be taken, and in which order.

If the IT strategy and the overall strategy do not match up, there is a major risk that the investment will prove expensive. Costs often arise as a consequence of delays or when people fail to foresee risks, which in turn results in the value of the investment being lost.

Read more about cyber security

Daniel Cronström
CISO, Umeå & Lycksele
Read more

About Nordlos experts

Let our experts guide you in helping your business create effective everyday routines and how to navigate successfully through the challenges that lie ahead. Click on to the experts below to find out more about them and see what they have written.

Read more

More content about security and risk management

Do you want to get in touch?

We love customer dialogues and challenges. Contact us and we will help you!

  • Avsnittsavdelare

  • Avsnittsavdelare

This website uses cookies and personal data

When you visit https://nordlo.com, we at Nordlo Group AB use cookies and your personal data. Some cookies and some processing of personal data are necessary, while you choose whether to consent to others. You make your choice below. Your consent is entirely voluntary.

You have certain rights, such as the right to withdraw your consent and the right to lodge a complaint with a supervisory authority. Read more in our cookie policy and our privacy policy.

Manage your cookie-settings

Cookies and personal data that we use for analysis

To analyse how you use our website, we use cookies from Google and HubSpot's analytics service. We also process your personal data, e.g. your encrypted IP address, your geographical location and other information about how you use the website. 

Cookies and personal data that we use for marketing

We use cookies and your personal data to display relevant marketing and to follow up on such marketing when you visit other websites or social media. We do this with the aid of Google, Facebook, HubSpot and LinkedIn. The personal data that we process for marketing purposes include your IP address, information about how you use the website and information that these services already have about you.  

Ad measurement user cookies

In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data