Sections

Securing Your Digital Future: Cyber Trust As Competitive Advantage

Justin Somaini and Dan Wellers

The accepted wisdom in the cybersecurity field today is that there are two types of companies in the world: those that know they’ve been hacked, and those that don’t.

No enterprise is immune from cyber threats, and the list of big, scary data breaches continues to grow. The vast majority of companies in Europe (92 percent) have been hacked in the last five years, according to a recent survey by specialty insurer Lloyd’s of London. The average total cost of a breach is $4 million, according to a 2016 study by the Ponemon Institute.

Yet, categorized as risk to avoid rather than opportunity to pursue, cybersecurity has never been a terribly sexy topic in the C-suite. It’s an added expense—and one that slows down efforts to leap ahead technologically. The significant attention it receives tends to be of the negative variety when things go horribly wrong. Even as companies have embarked on their digital transformation efforts, security has remained an afterthought—tacked on after a big new investment in advanced analytics, cognitive systems, or Internet of Things (IoT) technology. Very soon, however, that reactive approach will seem antiquated.

A coming mind shift

Spending on IT security has been increasing in the last two years, even as overall technology budgets have been decreasing, according to 2016 report by the SANS Institute. But it’s not just a lift in spending that’s called for, but also shift in thinking.

In today’s age of rapidly developing transformational technologies, keeping on top of emerging security and privacy threats is more challenging—and more critical—than ever before. As companies collaborate with a wider network of partners and meet new demands for 24/7 operations and greater transparency with customers, cyber security risks multiply. The scope, scale, and impact of cyber attacks will grow in concert with increasing digitization:

  • 4.2 billion records were exposed in more than 4,000 known data breaches in 2016, according to Risk Based Security.
  • Cyber insurance premiums could increase tenfold to $20 billion annually by 2025, according to Marsh & McLellan.
  • The cost of data breaches will reach $2.1 trillion globally by 2019—nearly four times the estimated cost of breaches in 2015, according to Juniper Research.
  • Cyber attacks could cost the world up to $90 trillion in net economic benefit by 2030 if cyber security doesn’t keep pace with growing interconnectedness, according to a study published by the Atlantic Council and the Zurich Insurance Group
  • Cyber risk is expanding beyond the virtual world to the physical one. Hackers used highly destructive malware to bring down three Ukranian power distribution companies in 2016, for example, cutting power to 80,000 people.
  • The expanding universe of Internet of Things devices is particularly vulnerable to exploitation as companies may not update them after installation and many devices are not able to receive security update patches, according to AIG. In fact, an IoT hack took down Amazon, Twitter, Netflix, and other major sites in October 2016.
  • Connected devices pose particular concern in healthcare, an industry that already faces 340 percent more cyberattacks than the average industry and that fails to monitor 75 percent of hospital network traffic, according to a report from Raytheon and WebSense Security Labs.
  • Cyberattacks are one of the top ten global risks of highest concern for the next decade, right alongside such threats as water and food crises, natural catastrophes, social instability, and national governance failures, according to the World Economic Forum.

Just a third of companies today are sufficiently prepared to prevent a worst-case attack, according to Oliver Wyman and only a quarter currently treat cyber risk as a significant corporate risk. But as cyber risk expands and the attacks result not only in financial and reputational damage but also in physical destruction, danger, or loss of life, trust will become a competitive advantage. Therefore, those companies and organizations that want to dominate their markets will approach security as a strategic investment, proactively embedding cybersecurity strategy into business strategy.

As companies continue their digital transformations, they need to adopt more flexible and ubiquitous cyber defense measures to meet the more extreme threats they will face. Failing to do so risks unanticipated costs, operational shutdowns, reputational damage, and legal consequences.

A zero-trust approach

Unfortunately, there is no off-the-shelf solution to manage the entirety of a company’s cyber risk. As companies continue to introduce more digital innovations, they must continuously adopt and adapt cyber security measures commensurate with the growing threats they’ll face.

In a global economy, security can only be as good as the regulations, compliance, and enforcement in the countries where an organization operates—and those vary wildly around the world. What’s more, even when a company’s leaders take a more proactive approach to investing in cyber security protection and response, its partners and suppliers may not. Nearly 80 percent of companies fail to assess their customers and suppliers for cyber risk, according to a survey by Marsh & McLellan. And hackers certainly will be proactive about finding the weakest link in a value chain. Meanwhile, as enterprises adopt a growing legion of internet-connected devices and sensors, cyber security risk will be distributed even more widely.

Organizations must evolve from the attitude that perimeter security, achievable by firewalls or anti-virus protection, is enough. As interconnectivity and interdependency increases so too will the adoption of zero-trust networks. The zero-trust approach questions the assumption that a company can be made safe and sound within the confines of its own “secure” corporate network. Instead, a zero-trust approach places controls around data assets themselves and creates increased visibility into how they are used across a digital business ecosystem.

A new approach for a networked world

But, as SAP CEO Bill McDermott wrote to customers in 2016, “Information security is a journey without a destination. The security threat in the enterprise is relentless and multiplying, and the attackers are getting more sophisticated.” A zero-trust network is not enough. When the question is not if, but when, a significant breach will occur, how a company manages this inevitability becomes critical.

The key is to develop a robust approach to measuring, controlling, and responding to cyber risk. We recommend a three-pronged strategy to manage the threats in the expanding enterprise ecosystem:

  1. Prevent. This aspect of cyber security strategy remains as important as ever, and companies must evolve their preventative strategies, from their security policies and educational approaches to the actual access controls they put in place.
  1. Detect. In an evolving cyber threat environment, there is no foolproof prevention approach. Selecting and deploying appropriate intrusion detection systems for the timely detection and notification of compromises is critical.
  1. React. Detection is useless without a response. Companies that approach cyber security as a competitive advantage will put incident response plans in place in much the same way they would plan for recovery from a natural disaster.

Building trust, not walls

The Great Wall of China may have succeeded as an exercise in power or a feat of construction. But as a security strategy, it was a failure. Similarly a cyber security strategy focused on building strong enough borders around the company will fail. It’s impossible to keep all the bad guys out.

As more of a company’s data and its business processes become distributed, it’s cyber security strategy must become much more far-reaching. The good news is that even as digital technologies increase cyber security risk, they can also help mitigate it. Many cloud providers for example, are taking a more robust approach to security strategy that their customers might. New technologies like machine learning and big data analytics can strengthen security protections. Of course, the hackers can—and will—take advantage of these powerful technological advancements as well. Cyber risk experts will tell you the dark web is teeming with attack tools that enable hackers to take advantage of outdated security approaches and corporate vulnerabilities. They’ve been quick to take advantage of new automation tools in order to carry out more sophisticated and layered attacks on corporate and state assets.

Companies who embrace trust and security as competitive advantages will build security into their digital ecosystems at each layer:

  • Secure Products: Incorporating security into all applications, ensuring the protection of content and transactions.
  • Secure Operations: Investing in hardened systems, security patch management, security monitoring, end-to-end incident handling, and a comprehensive cloud operations security framework.
  • Secure Company: Creating a security-educated and aware workforce, end-to-end physical security of assets, and a comprehensive business continuity framework.

Forward-looking companies will follow these principles not only within their own organizations but expect them from their network of partners, supplier, and customers. The hackers of today and the future aren’t working alone and neither should the companies they’re targeting.

The risk of full-blown cyber catastrophes is real. The WEF has warned that large-scale cyber attacks could cause significant economic damage, geopolitical tensions, or widespread loss of trust in the Internet.

A report from the Atlantic Council and Zurich Insurance Group found as soon as 2018, there could be damage from massive cyber attacks equivalent to 1.5 percent of global GDP that is “certain to drastically increase risks and drag down net profits for companies that are most exposed to cyber-attacks..” The worst case scenario could result in a state of perpetual cyber crime and cyber warfare, increasingly vulnerable critical infrastructure, and losses of $90 trillion globally, according to the report.

A collaborative network approach will be critical to combatting such a persistent global threat with implications not just for corporate and personal data, but strategy, supply chains, products, and physical operations. Trust will be the most important currency in the digital future—one that companies will have to earn and work diligently to keep.

Read the executive brief The Future of Cybersecurity: Trust as Competitive Advantage.


Comments

Justin Somaini

About Justin Somaini

Justin Somaini heads the Global Security unit at SAP. With more than 17 years of information security experience, he is responsible for SAP’s overall security strategy, ensuring that SAP and our customers have a consistent and convenient security experience. In his role Justin develops, implements, and manages SAP’s overall policies, standards, and guidelines as well as ongoing SAP security initiatives to meet the emerging international IT and cyber security environments and data protection and privacy laws worldwide. Before joining SAP in 2015, Justin was Chief Trust Officer at Box, the world's leading enterprise software platform for content collaboration. Prior to Box, Justin held the role of Chief Information Security Officer (CISO) at Yahoo!, driving security planning and operations for the company. Prior to Yahoo!, he was CISO of Symantec. Justin holds a Bachelor's of Science degree in Management Information Systems from Drexel University, Philadelphia.

About Dan Wellers

Dan Wellers is the Global Lead of Digital Futures at SAP, which explores how organizations can anticipate the future impact of exponential technologies. Dan has extensive experience in technology marketing and business strategy, plus management, consulting, and sales.

Transform Or Die: What Will You Do In The Digital Economy?

Scott Feldman and Puneet Suppal

By now, most executives are keenly aware that the digital economy can be either an opportunity or a threat. The question is not whether they should engage their business in it. Rather, it’s how to unleash the power of digital technology while maintaining a healthy business, leveraging existing IT investments, and innovating without disrupting themselves.

Yet most of those executives are shying away Businesspeople in a Meeting --- Image by © Monalyn Gracia/Corbisfrom such a challenge. According to a recent study by MIT Sloan and Capgemini, only 15% of CEOs are executing a digital strategy, even though 90% agree that the digital economy will impact their industry. As these businesses ignore this reality, early adopters of digital transformation are achieving 9% higher revenue creation, 26% greater impact on profitability, and 12% more market valuation.

Why aren’t more leaders willing to transform their business and seize the opportunity of our hyperconnected world? The answer is as simple as human nature. Innately, humans are uncomfortable with the notion of change. We even find comfort in stability and predictability. Unfortunately, the digital economy is none of these – it’s fast and always evolving.

Digital transformation is no longer an option – it’s the imperative

At this moment, we are witnessing an explosion of connections, data, and innovations. And even though this hyperconnectivity has changed the game, customers are radically changing the rules – demanding simple, seamless, and personalized experiences at every touch point.

Billions of people are using social and digital communities to provide services, share insights, and engage in commerce. All the while, new channels for engaging with customers are created, and new ways for making better use of resources are emerging. It is these communities that allow companies to not only give customers what they want, but also align efforts across the business network to maximize value potential.

To seize the opportunities ahead, businesses must go beyond sensors, Big Data, analytics, and social media. More important, they need to reinvent themselves in a manner that is compatible with an increasingly digital world and its inhabitants (a.k.a. your consumers).

Here are a few companies that understand the importance of digital transformation – and are reaping the rewards:

  1. Under Armour:  No longer is this widely popular athletic brand just selling shoes and apparel. They are connecting 38 million people on a digital platform. By focusing on this services side of the business, Under Armour is poised to become a lifestyle advisor and health consultant, using his product side as the enabler.
  1. Port of Hamburg: Europe’s second-largest port is keeping carrier trucks and ships productive around the clock. By fusing facility, weather, and traffic conditions with vehicle availability and shipment schedules, the Port increased container handling capacity by 178% without expanding its physical space.
  1. Haier Asia: This top-ranking multinational consumer electronics and home appliances company decided to disrupt itself before someone else did. The company used a two-prong approach to digital transformation to create a service-based model to seize the potential of changing consumer behaviors and accelerate product development. 
  1. Uber: This startup darling is more than just a taxi service. It is transforming how urban logistics operates through a technology trifecta: Big Data, cloud, and mobile.
  1. American Society of Clinical Oncologists (ASCO): Even nonprofits can benefit from digital transformation. ASCO is transforming care for cancer patients worldwide by consolidating patient information with its CancerLinQ. By unlocking knowledge and value from the 97% of cancer patients who are not involved in clinical trials, healthcare providers can drive better, more data-driven decision making and outcomes.

It’s time to take action 

During the SAP Executive Technology Summit at SAP TechEd on October 19–20, an elite group of CIOs, CTOs, and corporate executives will gather to discuss the challenges of digital transformation and how they can solve them. With the freedom of open, candid, and interactive discussions led by SAP Board Members and senior technology leadership, delegates will exchange ideas on how to get on the right path while leveraging their existing technology infrastructure.

Stay tuned for exclusive insights from this invitation-only event in our next blog!
Scott Feldman is Global Head of the SAP HANA Customer Community at SAP. Connect with him on Twitter @sfeldman0.

Puneet Suppal drives Solution Strategy and Adoption (Customer Innovation & IoT) at SAP Labs. Connect with him on Twitter @puneetsuppal.

 

Comments

Scott Feldman and Puneet Suppal

About Scott Feldman and Puneet Suppal

Scott Feldman is the Head of SAP HANA International Customer Community. Puneet Suppal is the Customer Co-Innovation & Solution Adoption Executive at SAP.

What Is Digital Transformation?

Andreas Schmitz

Achieving quantum leaps through disruption and using data in new contexts, in ways designed for more than just Generation Y — indeed, the digital transformation affects us all. It’s time for a detailed look at its key aspects.

Data finding its way into new settings

Archiving all of a company’s internal information until the end of time is generally a good idea, as it gives the boss the security that nothing will be lost. Meanwhile, enabling him or her to create bar graphs and pie charts based on sales trends – preferably in real time, of course – is even better.

But the best scenario of all is when the boss can incorporate data from external sources. All of a sudden, information on factors as seemingly mundane as the weather start helping to improve interpretations of fluctuations in sales and to make precise modifications to the company’s offerings. When the gusts of autumn begin to blow, for example, energy providers scale back solar production and crank up their windmills. Here, external data provides a foundation for processes and decisions that were previously unattainable.

Quantum leaps possible through disruption

While these advancements involve changes in existing workflows, there are also much more radical approaches that eschew conventional structures entirely.

“The aggressive use of data is transforming business models, facilitating new products and services, creating new processes, generating greater utility, and ushering in a new culture of management,” states Professor Walter Brenner of the University of St. Gallen in Switzerland, regarding the effects of digitalization.

Harnessing these benefits requires the application of innovative information and communication technology, especially the kind termed “disruptive.” A complete departure from existing structures may not necessarily be the actual goal, but it can occur as a consequence of this process.

Having had to contend with “only” one new technology at a time in the past, be it PCs, SAP software, SQL databases, or the Internet itself, companies are now facing an array of concurrent topics, such as the Internet of Things, social media, third-generation e-business, and tablets and smartphones. Professor Brenner thus believes that every good — and perhaps disruptive — idea can result in a “quantum leap in terms of data.”

Products and services shaped by customers

It has already been nearly seven years since the release of an app that enables customers to order and pay for taxis. Initially introduced in Berlin, Germany, mytaxi makes it possible to avoid waiting on hold for the next phone representative and pay by credit card while giving drivers greater independence from taxi dispatch centers. In addition, analyses of user data can lead to the creation of new services, such as for people who consistently order taxis at around the same time of day.

“Successful models focus on providing utility to the customer,” Professor Brenner explains. “In the beginning, at least, everything else is secondary.”

In this regard, the private taxi agency Uber is a fair bit more radical. It bypasses the entire taxi industry and hires private individuals interested in making themselves and their vehicles available for rides on the Uber platform. Similarly, Airbnb runs a platform travelers can use to book private accommodations instead of hotel rooms.

Long-established companies are also undergoing profound changes. The German publishing house Axel Springer SE, for instance, has acquired a number of startups, launched an online dating platform, and released an app with which users can collect points at retail. Chairman and CEO Matthias Döpfner also has an interest in getting the company’s newspapers and other periodicals back into the black based on payment models, of course, but these endeavors are somewhat at odds with the traditional notion of publishing houses being involved solely in publishing.

The impact of digitalization transcends Generation Y

Digitalization is effecting changes in nearly every industry. Retailers will likely have no choice but to integrate their sales channels into an omnichannel approach. Seeking to make their data services as attractive as possible, BMW, Mercedes, and Audi have joined forces to purchase the digital map service HERE. Mechanical engineering companies are outfitting their equipment with sensors to reduce downtime and achieve further product improvements.

“The specific potential and risks at hand determine how and by what means each individual company approaches the subject of digitalization,” Professor Brenner reveals. The resulting services will ultimately benefit every customer – not just those belonging to Generation Y, who present a certain basic affinity for digital methods.

“Think of cars that notify the service center when their brakes or drive belts need to be replaced, offer parking assistance, or even handle parking for you,” Brenner offers. “This can be a big help to elderly people in particular.”

Chief digital officers: team members, not miracle workers

Making the transition to the digital future is something that involves not only a CEO or a head of marketing or IT, but the entire company. Though these individuals do play an important role as proponents of digital models, it also takes more than just a chief digital officer alone.

For Professor Brenner, appointing a single person to the board of a DAX company to oversee digitalization is basically absurd. “Unless you’re talking about Da Vinci or Leibnitz born again, nobody could handle such a task,” he states.

In Brenner’s view, this is a topic for each and every department, and responsibilities should be assigned much like on a soccer field: “You’ve got a coach and the players – and the fans, as well, who are more or less what it’s all about.”

Here, the CIO neither competes with the CDO nor assumes an elevated position in the process of digital transformation. Implementing new databases like SAP HANA or Hadoop, leveraging sensor data in both technical and commercially viable ways, these are the tasks CIOs will face going forward.

“There are some fantastic jobs out there,” Brenner affirms.

Want more insight on managing digital transformation? See Three Keys To Winning In A World Of Disruption.

Image via Shutterstock

Comments

Andreas Schmitz

About Andreas Schmitz

Andreas Schmitz is a Freelance Journalist for SAP, covering a wide range of topics from big data to Internet of Things, HR, business innovation and mobile.

The Future of Cybersecurity: Trust as Competitive Advantage

Justin Somaini and Dan Wellers

 

The cost of data breaches will reach US$2.1 trillion globally by 2019—nearly four times the cost in 2015.

Cyberattacks could cost up to $90 trillion in net global economic benefits by 2030 if cybersecurity doesn’t keep pace with growing threat levels.

Cyber insurance premiums could increase tenfold to $20 billion annually by 2025.

Cyberattacks are one of the top 10 global risks of highest concern for the next decade.


Companies are collaborating with a wider network of partners, embracing distributed systems, and meeting new demands for 24/7 operations.

But the bad guys are sharing intelligence, harnessing emerging technologies, and working round the clock as well—and companies are giving them plenty of weaknesses to exploit.

  • 33% of companies today are prepared to prevent a worst-case attack.
  • 25% treat cyber risk as a significant corporate risk.
  • 80% fail to assess their customers and suppliers for cyber risk.

The ROI of Zero Trust

Perimeter security will not be enough. As interconnectivity increases so will the adoption of zero-trust networks, which place controls around data assets and increases visibility into how they are used across the digital ecosystem.


A Layered Approach

Companies that embrace trust as a competitive advantage will build robust security on three core tenets:

  • Prevention: Evolving defensive strategies from security policies and educational approaches to access controls
  • Detection: Deploying effective systems for the timely detection and notification of intrusions
  • Reaction: Implementing incident response plans similar to those for other disaster recovery scenarios

They’ll build security into their digital ecosystems at three levels:

  1. Secure products. Security in all applications to protect data and transactions
  2. Secure operations. Hardened systems, patch management, security monitoring, end-to-end incident handling, and a comprehensive cloud-operations security framework
  3. Secure companies. A security-aware workforce, end-to-end physical security, and a thorough business continuity framework

Against Digital Armageddon

Experts warn that the worst-case scenario is a state of perpetual cybercrime and cyber warfare, vulnerable critical infrastructure, and trillions of dollars in losses. A collaborative approach will be critical to combatting this persistent global threat with implications not just for corporate and personal data but also strategy, supply chains, products, and physical operations.


Download the executive brief The Future of Cybersecurity: Trust as Competitive Advantage.


Comments

Tags:

Unleash The Digital Transformation

Kadamb Goswami

The world has changed. We’ve seen massive disruption on multiple fronts – business model disruption, cybercrime, new devices, and an app-centric world. Powerful networks are crucial to success in a mobile-first, cloud-first world that’s putting an ever-increasing increasing amount of data at our fingertips. With the Internet of Things (IoT) we can connect instrumented devices worldwide and use new data to transform business models and products.

Disruption

Disruption comes in many forms. It’s not big or scary, it’s just another way of describing change and evolution. In the ’80s it manifested as call centers. Then, as the digital landscape began to take shape, it was the Internet, cloud computing … now it’s artificial intelligence (AI).

Digital transformation

Digital transformation means different things to different companies, but in the end I believe it will be a simple salvation that will carry us forward. If you Bing (note I worked for Microsoft for 15 years before experiencing digital transformation from the lens of the outside world), digital transformation, it says it’s “the profound and accelerating transformation of business activities, processes, competencies, and models to fully leverage the changes and opportunities of digital technologies and their impact across society in a strategic and prioritized way.” (I’ll simplify that; keep reading.)

A lot of today’s digital transformation ideas are ripped straight from the scripts of sci-fi entertainment, whether you’re talking about the robotic assistants of 2001: A Space Odyssey or artificial intelligence in the Star Trek series. We’re forecasting our future with our imagination. So, let’s move on to why digital transformation is needed in our current world.

Business challenges

The basic challenges facing businesses today are the same as they’ve always been: engaging customers, empowering employees, optimizing operations, and reinventing the value offered to customers. However, what has changed is the unique convergence of three things:

  1. Increasing volumes of data, particularly driven by the digitization of “things” and heightened individual mobility and collaboration
  1. Advancements in data analytics and intelligence to draw actionable insight from the data
  1. Ubiquity of cloud computing, which puts this disruptive power in the hands of organizations of all sizes, increasing the pace of innovation and competition

Digital transformation in plain English

Hernan Marino, senior vice president, marketing, & global chief operating officer at SAP, explains digital transformation by giving specific industry examples to make it simpler.

Automobile manufacturing used to be the work of assembly lines, people working side-by-side literally piecing together, painting, and churning out vehicles. It transitioned to automation, reducing costs and marginalizing human error. That was a business transformation. Now, we are seeing companies like Tesla and BMW incorporate technology into their vehicles that essentially make them computers on wheels. Cameras. Sensors. GPS. Self-driving vehicles. Syncing your smartphone with your car.

The point here is that companies need to make the upfront investments in infrastructure to take advantage of digital transformation, and that upfront investment will pay dividends in the long run as technological innovations abound. It is our job to collaboratively work with our customers to understand what infrastructure changes need to be made to achieve and take advantage of digital transformation.

Harman gives electric companies as another example. Remember a few years ago, when you used to go outside your house and see the little power meter spinning as it recorded the kilowatts you use? Every month, the meter reader would show up in your yard, record your usage, and report back to the electric company.

Most electric companies then made a business transformation and installed smart meters – eliminating the cost of the meter reader and integrating most homes into a smart grid that gave customers access to their real-time information. Now, as renewable energy evolves and integrates more fully into our lives, these same electric companies that switched over to smart meters are going to make additional investments to be able to analyze the data and make more informed decisions that will benefit both the company and its customers.

That is digital transformation. Obviously, banks, healthcare, entertainment, trucking, and e-commerce all have different needs than auto manufacturers and electric companies. It is up to us – marketers and account managers promoting digital transformation – to identify those needs and help our clients make the digital transformation as seamlessly as possible.

Digital transformation is more than just a fancy buzzword, it is our present and our future. It is re-envisioning existing business models and embracing a different way of bringing together people, data, and processes to create more for their customers through systems of intelligence.

Learn more about what it means to be a digital business.

Comments

Goswami Kadamb

About Goswami Kadamb

Kadamb is a Senior Program Manager at SAP where he is responsible for developing and executing strategic sales program with Concur SaaS portfolio. Prior to that he led several initiatives with Microsoft's Cloud & Enterprise business to enable Solution Sales & IaaS offerings.