CTOs say the party line that digital transformation is first and foremost about the customer is flawed, and that it is actually about business efficiency and security. That’s the conclusion of research by Radware, which has released findings from its 2018 Executive Application and Network Security Report.
Now in its fifth year, the study found that many executives, including CEOs, CIOs and CTOs, rank security as the number one reason to undergo digital transformation, ahead of the experience they will give customers and the improved competitive advantage and profitability it brings. Almost half of the respondents, 47%, added that the significant change the organisation was undergoing has put more pressure on security.
As a result of this pressurised dynamic, 71% of executives report shifting their security budgets in favour of machine learning and automated security tools, with as much as 43% of budget going on automation. 46% still rely on manual security processes to keep the network safe and some two thirds say that their security measures are lacking and penetrable by hackers.
Much of the business transformation execs are managing involves moving to the cloud. In fact, 90% of execs are now using multiple public and private cloud environments, with anything from 25-50% of their applications now hosted in the cloud. But an overwhelming 97% of execs said they have security concerns about this strategy, possibly because approximately half of executives report having experienced a data breach from mobile applications in the past 18 months.
Andrew Foxcroft, regional director for Radware UK, Ireland and the Nordics, says: “It’s interesting that the public is being told that the over-riding reason for digital transformation is to improve the customer experience, yet the business imperative is really about improving efficiency and securing data. It raises the question about what there is to hide and how secure our data is.
“I think CTOs are stuck between a rock and a hard place, trying to keep all parts of the business happy. Rightly so they are turning to a cloud strategy to transform how business is done but it’s only proving to create security gaps and put data at risk.
“But there are ways to turn this challenge into an opportunity. Building customer experience that’s secure is vital to win the loyalty of today’s tech-savvy consumer. The fact is security needs to be seen as more of a strategic business issue if executives want to drive loyalty and build their brand.”
To manage the concerns, execs are now more readily sharing intelligence with peer companies, with 46% having introduced the policy in the last two years, and a further 10% planning to in the next year. Stricter checks on suppliers (35%) and tele-working policies (44%) have also been introduced in the last 24 months.
Skills also feature on the list of ways CXOs are responding, with 37% saying they are now working more closely with educational institutions to recruit security experts, and 35% turning to white hat hackers to test systems. Interestingly, the trend to employ ex-hackers has tailed off in Europe, with 20% of companies saying they won’t continue to in the future and instead will turn to vendors and automation for support.
Andrew continues: “Skills, especially security skills, is going to be one of the biggest challenges CTOs face in the next five years. I think we’re on the cusp of seeing skills replaced by automation and a more open approach to using educational institutes as well as the expertise of vendors to stay ahead of the cyber criminals. There is only so much a machine can do and CTOs will need to have a strategy in place that blends the skill and technologies available to them so they have every weakness covered.”
When it comes to reviewing security measures, it’s an attack on their own network that prompts a review for 59% of execs. However, it’s an attack on a competitor that is most likely to prompt a review (61%). The rise in nation state attacks is also causing concern for 41% of execs, who say it’s instigated another look at defences; this is especially true in America, where 54% of execs were worried about the increase.
As you would expect given the introduction of GDPR and recent scandals, data privacy is a great concern for the C-suite, with 7 in 10 saying it’s got boardroom attention now. In addition, 41% of execs said that the company had suffered legal action as a result of a breach.
69% of executives said that their company faced a ransom attack in the past year, compared with only 14% in 2016. Worryingly, 53% admitted paying a ransom to try to stem an attack.
Interestingly, more than 4 in 10 executives report having had their own personal information exposed as a result of a data breach, though this is more common in America and Asia than Europe.
Despite all these concerns, 82% of execs say their companies do not include security review processes in the development of applications. There are no bug bounty programmes in 65% of cases, and no built-in testing procedures for DevOps in 44%.