Striking a Balance Between Business Growth, Risk Management and Cybersecurity
2024-8-16 16:4:59 Author: securityboulevard.com

Following the pandemic, substantial shifts in the business environment and culture have emerged, warranting our careful consideration. We’ve all become more technology-dependent, our working methods have changed and cyber risks have become more prominent and persistent. The regulatory space has become more active and stringent, especially around security and data privacy. A steep rise in adversarial activities by so-called “Big 4” anti-western nations and the onset of a new AI-fueled era are creating new opportunities and also new risks.

In such a rapidly changing landscape, how can organizations strike a balance between business growth, risk management and cybersecurity? Here are some recommendations and best practices that can help:

Align Business Goals and Security Objectives

If your business is dependent on technology, consider the associated cybersecurity risks. Business leaders must learn to view cybersecurity from a more corporate stance, in terms of the strategic direction of the company: what is it trying to achieve, and what things will make a substantial difference (e.g., acquiring new customers, protecting jobs, minimizing disruptions, etc.)? They should then align security objectives around that direction. Traditionally, the cybersecurity discipline was never regarded as providing a competitive advantage. This mindset needs to shift, especially if you are operating in a highly regulated industry.

Focus on Crown Jewels

The risk landscape is so vast that it would be impossible to cover all contingencies. So it’s important to focus on the crown jewels and use them as a basis for your cybersecurity strategy. What is it that you’re protecting? Is it intellectual property? Is it customer data? Is it your manufacturing setup? Is it your employees? Management often debates how much budget it should allocate to cybersecurity. The truth is, it depends on your risk exposure and risk tolerance, business ambitions, the industry you belong to and the business activities you are engaged in, whether that’s M&A, entering new markets, launching new products, etc.

Improve Communication Between Business and Security Teams

The language of business is different from the language of technology or security. So, whose responsibility is it to learn to speak the other’s language? The answer, of course, is all parties. Securing future investment for programs means winning the hearts and minds of the business.

Security professionals must adeptly articulate their contributions to meeting business goals. Conversely, from a business standpoint, leaders need to recognize the crucial role technology plays in accomplishing their objectives since growth is intertwined with technology, security and risk. Both parties need to cultivate mutual understanding, collaborate, and communicate with each other.

Don’t Overlook the Importance of the Human Element

Nearly three-quarters (68%) of cybersecurity incidents are a direct result of human mistakes, poor judgment, or employees falling prey to a phishing attack. Every organization must make its staff understand the criticality of cybersecurity and show accountability for protecting the organization. This means not just making them attend mandatory security awareness sessions or conducting phishing simulation exercises, but also making a personal connection with individuals, understanding their concerns and pain points, empowering them with tools and resources that can improve their security performance and providing the right guidance.

Embrace Agility, Adapt and Innovate

Concerning risk management and cybersecurity, acknowledge that achieving perfection is unlikely. Mistakes will be made, but what truly matters is how you bounce back, the lessons you derive from missteps and sharing those insights with colleagues. Remain nimble and seize opportunities as they present themselves. For instance, AI offers immense potential and excels at analyzing data and identifying anomalies, making it a powerful tool for risk management. Repeatedly conducting network scans and cross-referencing security alerts from various systems can be tedious and error-prone. Humans are susceptible to making mistakes and ignoring security alerts. Explore ways to utilize AI for such tasks and embrace it for achieving business objectives.

The relationship between risk and growth is inseparable. The degree to which business objectives and security strategies are in alignment will ultimately shape the trajectory of the enterprise.

Leaders must shift their perspective on security and recognize it as an enabler of business growth rather than merely a cost center. Enhancing collaboration between business and security teams, integrating employees into security strategies and fostering agility in embracing new concepts can help enterprises reach a productive balance between cybersecurity and business growth. In times of crisis, technology alone cannot fully restore compromised systems – human effort and ingenuity are always indispensable.

Source: https://securityboulevard.com/2024/08/striking-a-balance-between-business-growth-risk-management-and-cybersecurity/