Like many aspects of modern society, the success of the digital economy is transforming both the philosophy and importance of innovation and leadership.
The sheer pace of change is remarkable. In the last decade alone, we’ve seen innovative organisations across the world ‘disrupt’ traditional industries on a huge scale. The ripple effect created by the growth of Apple, Tesla and Google, among many others, can now be seen in every market niche. The leaders of these brands have become iconic figures, arguably now more widely influential than at any other point in living memory.
In the context of cyber security, however, delivering innovative leadership is arguably at its most critical. One only needs to look at the disruptive effect of cyber attacks on critical infrastructure, the huge global financial bill and, sadly, the existential impact on some organisations to understand why.
For instance, in 2021 alone, there was a dramatic increase in ransomware activity. According to Harvard Business Review, extortion demands are now as high as tens of millions of dollars, with the worldwide cost of ransomware predicted to exceed $265 billion by 2031.
As a result, cyber security professionals are under sustained pressure to – quite literally – address and avert crisis situations on a daily basis. The massive effort required to protect the networks, data and financial integrity of organisations worldwide is a huge undertaking. It can only be sustained because there are incredibly talented and committed teams across the sector who understand the importance of focusing on continual improvement.
However, we must accept that the version of ‘innovation’ exhibited by the criminal gangs responsible for the vast number of daily cyber attacks is highly effective. It also needs to be met head-on by every single organisation out there – not just the cyber security industry.
For instance, the traditional reliance on ‘reactive’ cyber security technologies, such as the ubiquitous antivirus solutions, play a really important role in keeping organisations and their data safe. Yet, cyber criminals have become extremely successful in adapting their approach to exploit the weaknesses in these systems.
The use of ‘zero day’ attacks, for example, means new security vulnerabilities can remain unknown to antivirus systems for up to 18 days before they are updated to provide protection. That’s a potentially catastrophic window of opportunity for ‘bad actors’ to exploit.
A Question of Mindset
One of the most pressing challenges is the worrying absence of an innovative leadership mindset in the way many organisations approach their own cyber security.
This tends to manifest itself in three ways. Firstly, some leaders view cyber security as an IT issue – pure and simple. The problem this creates is that they don’t actively engage with the risks or remedies, so aren’t in a position to set the tone for their cyber security strategy.
Some leaders accept the general need to invest in a cyber security strategy, but because they don’t see their own organisation in imminent danger, pay lip service to investment in favour of different, non-cyber security priorities.
The other common leadership perspective is that technology investment decisions should be made on their ability to deliver a definitive financial return. For many leaders, however, the bottom line benefit of cyber security spend is nebulous at best, so it’s not a priority.
Whatever leadership mindset prevails, the impact is the same: a lack of innovation significantly increases the risk of a cyber security breach.
For those who accept that the security status quo is no longer sustainable, leaders have to think differently, modernise their approach to cyber security and be prepared to embrace change. Crucially, this is not just a matter of buying new products, but is about focusing on identifying risk vectors, such as those created by the move to remote working or the dangers endemic in the billions of files shared every day.
When addressing cyber security, innovative leaders must fully engage with the issues, risks and opportunities. In doing so, they should challenge their legacy approaches to keeping their systems safe from attack – even if they have yet to be breached themselves. What’s more, by taking responsibility for driving positive, innovative change, leaders can bring their own skills to work with trusted security partners and vendors to improve their levels of protection.
Looking ahead, the digital transformation of every sector of the economy will continue at pace and unabated. This increasingly complex technology ecosystem will also add to risks faced by organisations in securing their systems and data. Those organisations who address these challenges now will be much better placed to operate in a more secure environment in the years ahead.