Cybersecurity Redefined for the Digital Era
Security and cybersecurity are among the most misused terms in technology today, and the misunderstandings this causes can create problems. Security and risk management leaders must agree on what cybersecurity means to address the risks and threats of digital transformation.
- Integrated risk management for an organization requires a concise, yet comprehensive, definition of cybersecurity for effective policy and controls development.
- Current definitions of cybersecurity are not reflective of the changes caused by digital business transformations that organizations are experiencing.
- The rapid changes in technology (e.g., cloud services, the Internet of Things [IoT] and advanced analytics) increase risks if an evolving process for defining cybersecurity is missing.
Gartner recommends that security and risk leaders do the following:
- Define and apply "digital security" as a term that reflects digital and cybersecurity risks of digital business initiatives.
- Incorporate the standard definitions into contracts with vendors throughout the organization's supply chain by delivering an agreed-on standard template for contracts and procurement.
- Review the cybersecurity definition yearly or as major business needs change through a combined business/technology governance team, and change as needed.
- Propagate the definition throughout the organization via aggressive communications and awareness programs as part of a mandated cultural shift for digital business.