** Juanita Koilpillai is Founder & CEO of Waverley Labs and President of the Digital Risk Management Institute
Part 1 of 3
Over the last two decades, the way enterprises have operated has been highly influenced by technology phases. Now we are entering a new phase: the digital business phase. Digital business is the creation of new business designs by blurring the digital and physical worlds.
Digital business refers to any functions or transactions that are programmatic, automated and reliant on technology. However, digital business is about business first, not technology.
Enterprises are adopting digital business strategies for key business benefits:
- Improvement to the customer experience to create a competitive advantage or respond to a competitive threat
- Use of digital to reach a broader audience to enable growth
- Adoption of digital to improve service delivery and improve operational efficiency, lowering cost and improving predictability
In general, organizations need to define a digital strategy and/or adopt digital business, by implementing new applications that are developed as digital applications, in order to survive and thrive in today’s economy.
According to Gartner, by 2020, 75% of businesses will become or prepare to become a digital business.
Evolving Security Landscape
At the same time, growing challenges exist as current IT security environments continue to leverage security controls and processes that are operational and not risk-based. Compliance audits continue to be the standard for reflecting the degree of risk that the company is willing to assume. An increasing number of high-profile attacks are exploiting growing digital risks, with millions being lost to business disruption and negative brand impact. Yet security organizations are still largely reactive to digital attacks. And while the capability for predictive analytics may exist, most organizations are still distracted by mountains of interesting but unimportant data.
For decades, legislative and industry standards have connected risk to traditional infrastructures, data and applications, described it in great detail, and defined the required processes that, when adopted, mitigate or reduce risk. A huge industry of auditors has evolved to inspect an organization’s processes and the reports used to certify compliance with standards. Despite the standards and the inspection, successful attacks still occur, breaching the controls and enabling unauthorized access to private data and intellectual property.
As a result, Digital Risk Management (DRM), a critical new process for securing the enterprise, is emerging.
*** Read part 2, which outlines the emergence of digital risk and digital risk management.