Tackling cybersecurity risk amid pandemic-driven digitization shifts

Cybersecurity
Editor's Note

This article is sponsored by EY Canada. 

Public and private organizations in Canada, large and small, have made slow progress in embracing new technologies. But the pandemic has compelled them to join the digital revolution in order to better serve customers and citizens, minimize interruptions to operations during COVID-19 restrictions and ultimately gain a competitive advantage. Iron-clad defenses against cyber-attacks will ensure their continued success in the post-pandemic era.

Digital transformation was a long overdue step for many organizations, and it’s clear any business that falls back into traditional operations will risk losing clients and customers, while eroding their reputations. The sudden embrace of cutting-edge, digital technologies, however, has come with risks, the largest of which can pose an existential threat to any business: cybersecurity. 

Data breaches spiked when the pandemic hit and show no signs of slowing down. The challenge is that comprehensive cybersecurity measures need to be embedded at the very beginning of any digital transformation — and far too often, they’re merely an afterthought. According to a recent EY Canada survey of Canadian businesses, 63 per cent say their cybersecurity budgets make up less than 10 per cent of their total IT spend. Simply put, Canadian companies aren’t adequately investing in measures to defend themselves, their clients and customers. 

The stakes are high — a breach harms operations, destroys customer trust, erodes brand value and can cause related legal and regulatory issues. And given half of Canadian consumers are willing to share more personal data today than they were before the pandemic, the fallout from a breach could be wide-ranging and more devastating than ever before. 

Third-party vendors also pose security risks. According to a global EY survey conducted right before the pandemic, 36 per cent of organizations experienced a data breach caused by a third party in the past two years.This has been a blind spot for many organizations. Integrating new technologies and processes built by others must be done carefully and as part of an organization’s overall IT and cybersecurity strategy to ensure digital transformation is beneficial and not harmful to an organization and its myriad stakeholders. 

Organizations must conduct thorough due diligence before introducing new technologies into their ecosystems, in addition to regular and rigorous risk assessments that spot potential gaps, flaws, misuse and other red flags. 

The work-from-home model has created its own cybersecurity challenges because it’s much more difficult to ensure remote workers are following all appropriate security protocols. This will be a lingering challenge for any organization continuing with a remote working model, even if adopting a hybrid approach. In response, some organizations are providing their remote employees with secure work computers as a simple and relatively inexpensive measure to help shield an organization from cyber threats.  

There’s no one-size-fits-all, silver bullet solution to mitigating cybersecurity risk as your organization embraces the personalized, data-rich technology that clients and customers now demand. What’s more, business leaders widely acknowledge — and firms like EY Canada agree — that it’s just a matter of time before an organization faces a breach. Ensuring day-to-day resilience as well as a proactive, pragmatic, and strategic approach that considers risk and security from the onset will not only enable trust but will help organizations lead transformational change and innovate with confidence.

After all, hackers aren’t slowing down. Organizations that act now to tackle cybersecurity in a comprehensive manner, supported by an integrated IT strategy, while carefully and diligently assessing first- and third-party risk, will come out on top of the competition. No company can turn away from the digital revolution. But with the right cybersecurity protocols in place, joining that revolution doesn’t have to pose an existential threat — and in fact will all but ensure its continued success. 

Alida Meghji is an associate partner in the Digital and Emerging Technologies practice at EY Canada. For more cybersecurity insights, visit https://www.ey.com/en_ca/cybersecurity.