The rise in cyberattacks and data breaches, from the Australian continent to the Caribbean island-nation of Jamaica, has forced companies and organizations to implement or upgrade their cybersecurity systems. Are these only crisis management-induced expenditures -mainly on IT overheads- to placate customers and regulators?
Cybersecurity strategist Dejan Kosutic recommends a more strategic approach to investment on cybersecurity infrastructure that can help companies achieve sustainable competitive advantage. Kosutic shares invaluable tips in his article: ‘How to achieve sustainable competitive advantage through cybersecurity’. Below is an extract from this article.
“To be able to achieve long-term competitive advantage, companies must develop specific capabilities that competitors will not be able to match in the short term – these are called cybersecurity dynamic capabilities, and through my research I found that successful companies have the following 11 capabilities.”
Cybersecurity dynamic capabilities
- Informing – the ability of an organization to disseminate security-relevant information to all concerned actors within the organization and its supply chain.
- Understanding technology architecture – the ability to recognize the direction in which the security technology is developing, and the company’s ability to choose the appropriate technology accordingly.
- Making security easy to use and transparent – the ability to present and implement security rules and technology in such a way that anyone, even a layperson, knows exactly why they exist, and how to use them.
- Brand building – the ability to embed trust as a key feature of their brand.
- Balancing security and business – the ability to apply an optimal number of safeguards strong enough to address security risks, while being unobtrusive enough not to interfere with regular operations.
- Managing a secure supply chain – the ability to keep data secure even when that data is not under the direct control of the company.
- Prioritizing – the ability to focus on the most important cybersecurity activities and products to achieve strategic priorities.
- Building expertise – the ability to build cybersecurity know-how within the company to get highly satisfied clients and protect their data.
- Rewarding people – the ability to use KPIs and other measurement methods to stimulate security-relevant actors to contribute to the company’s cybersecurity.
- Interpreting data – the ability to find patterns and trends in large amounts of data to make informed security decisions.
- Embedding – the ability to make employees use security rules and technology as part of their regular daily operations.”
Achieving all 11 of these capabilities is quite a challenge, but Kosutic says companies that have developed at least a couple of them have been able to build a good foundation for long-term competitive advantage.
Leave a Reply
You must be logged in to post a comment.