Podcast: Business Value of Information and Cybersecurity

Recently, Hannah Suarez and Elizabeth Press of D3M Labs discussed how to grow business value with cybersecurity.

You can view the video, or read the notes and transcript of some of the main discussion points below.

View the video on the D3M Labs Channel Here

Cybersecurity and Execution-Focused Startups

⚡ Startups, they are execution focused…

…and the thing with security is that it may be seen as a cost center, you know, some homework that someone has to do.

Now, I can give you a story that for one of the projects I'm involved in called Loyalty Status Co, they have used their ISMS, their ISO certificate to be able to ship a new campaign forwards. The CEO sat with the CEO of Frontier Airlines, and while it took just one week for the product to be shipped out, in between were multiple assessments around the security of the supplier, around data protection, around database security.

And at the end of the day, we are all working with our customers. They have to protect their customer data, their confidential proprietary data, and there has to be this assurance from this new supplier that they are able to work securely with their customer's data, with their proprietary data.

⚡ And so you can ship, you can execute very quickly with cybersecurity as core, and that can definitely work with startups as well.

Cybersecurity Core to Digital Transformation and role of CISOs (7:18)

Elizabeth Press:

I will say as a data leader as well, that the ability to create a digital business that is cyber secure, that is going to produce those high quality insights and also sometimes the algorithmic products at the quality that the startup promises is so key as well. So maybe you could talk about how cybersecurity is so core to the strategic execution.

My comments from the video:

📌 According to Gartner, about 56% of digital transformation projects were able to increase revenue. And when we talk about having this investor confidence in the company, the way to go about that is to have a CISO that is board aligned, that is reporting to the CEO.

And when that happens, there are a few different advantages to it related to revenue growth. One of them is that there are fewer data breaches.

Now in the US the global average of a data breach is $4.45 million. And in addition to that, when you have a cybersecurity program that is core aligned with the business, one of the advantages here is that the employees in the business, they know what their security responsibilities are.

So there is a greater security awareness within the business as well.

🫂 And when you have a greater security awareness, you have this first layer of defense: employees, your resources, your human resources. And so when you have cybersecurity that is within the core of a business, it is completely possible to take advantage of all of these advantages.

Also, the fact that we have the SEC as well that now has this requirement to disclose material breaches and it is now amongst the external pressures of cybersecurity leadership, regulatory, legal, compliance, customers, clients, users and so on.

Extended Notes

Board-aligned CISOs who report directly to the CEO are more advantageous:

  • They have increased control over managing their cybersecurity program

  • More likely to experience fewer breaches. “Nineteen percent of CEO-aligned security decision-makers estimated experiencing three to five breaches, compared to 29% for IT-aligned and 27% for risk-aligned. This also confirms that the reason why CISOs were moved under the CEO is not due to experiencing a major breach (at least within the last 12 months)” (Source)

  • Able to socialize cybersecurity responsibilities across the organization.

Data Sovereignty (8:59)

Privacy and data protection concerns are rising with the use of personal data on public cloud platforms. There is a lack of data sovereignty given the current reliance on US-owned cloud companies: while the data centres are located around the world, the companies are still US-owned.

My comments from the video:

💡 Yes, when it comes to data sovereignty, it is not just the location of the data centre. “Is it based in Germany?”. It's also who owns the company.

And the three examples that I can show you are AWS, Google Cloud Platform and also Microsoft Azure. Now, many German companies, they are now moving to the cloud as part of their major digital transformation projects. We're not just talking about startups, but also industries like the telecommunications industry, aviation and so on.

…They are all moving their data into these cloud platforms. And the thing here is that it's not just personal data. So it's not just your first names, age, date of birth, and so on. It's highly personal data. It's genetic data, it's biometric data, also in telecommunications, SSDNs, DNS and so on. One of the items when assessing how sovereign is our data with this cloud platform is around cryptography. So who owns the keys?

Are we able to fully manage our own keys with this platform? Another one is the cryptosystem. So is this platform able to change the crypto system, the way that they manage the keys, their cryptography policies? Will they change it just whenever they want? And so the way I see it is that in some cases “it's too big to fail”, i.e. “If you don't like one platform, you can move somewhere else. We're not going to consider any specific security requirements”. And that is a challenge in maintaining data sovereignty. And that will be the case in the future as well.

