Study identifies the main risks associated with digital transformation
- Published: Thursday, 18 June 2020 08:22
‘Digital Transformation & Cyber Risk: What You Need to Know to Stay Safe’, a new study by the Ponemon Institute sponsored by CyberGRX, presents the results of surveys of nearly 900 IT security professionals and C-level executives.
The study identifies four major risk themes:
- Digital transformation is increasing cyber risk, and IT security has very little involvement in directing efforts to ensure a secure digital transformation process. Such misalignment of resources is illustrated by 82 percent of respondents believing that their organizations experienced at least one data breach as a result of digital transformation. 55 percent of respondents say with certainty that at least one of the breaches affecting their organization was caused by a third party.
- Digital transformation has significantly increased reliance on third parties, specifically cloud providers, IoT and shadow IT; and many organizations do not have a third-party cyber risk management program. 63 percent of respondents say their organizations have difficulty in ensuring a secure cloud environment and 54 percent of IT security professionals say avoiding security exploits is a challenge. Additionally, 56 percent of C-level executives say their organizations find it a challenge to ensure third parties have policies and practices that ensure the security of their information.
- Conflicting priorities between IT security and the C-suite create vulnerabilities and risk; these two groups do not agree on the importance of safeguarding risk areas, including high value assets. IT security respondents are more likely to say the rush to produce and release apps, plus the increased use of shadow IT, are the primary reasons their organizations are more vulnerable following digital transformation. In contrast, C-level respondents say increased migration to the cloud and increased outsourcing to third parties make a security incident more likely. The majority of C-level respondents do not want the security measures used by IT security to prevent the free flow of information and an open business model.
- Budgets are, and will continue to be, inadequate to secure the digital transformation process; the majority of organizations do not have adequate budget for protecting data assets and don’t believe they will in the future. In fact, only 35 percent of respondents say they have such a budget. Because of the risks created by digital transformation, respondents believe the percentage of IT security allocated to digital transformation today should almost be doubled from an average of 21 percent to 37 percent. In two years, the average percentage will be only 37 percent and respondents say ideally it should be 45 percent.