One of our competitors recently suffered a major data breach. This ― and the emergence of new market players prompted me to consider what cybersecurity strategy would best protect our own digital assets.
My starting point was our business needs. What security should we have in place to ensure the company’s growth and competitiveness going forward ― especially the level at which we combined digital transformation with acceptable risks? And, crucially, how could I ensure that our security plans were given the senior-level attention required from decision-makers and other stakeholders to ensure top-down buy-in to the whole subject of cybersecurity?
It was a strategically important challenge. I needed to ask the right questions to enable me to build an appropriate cybersecurity strategy for our organization ― one that would ensure regulatory compliance and business resilience. These questions had two focus areas: how to achieve our cybersecurity objectives, and how to align those objectives with the business.
A critical starting point to protecting your digital assets
Here’s what I came up with ― and I believe these four questions would be a good starting point for any CISO or IT leader developing their security strategy:
- How do we evolve our traditional security model so that there is a focus on data, people and risks?
- What should we focus our investment on now, given that security operations no longer rely solely on IT protection?
- How can we embed the new cybersecurity vision as part of the wider business transformation journey, in order to deliver deep changes in the security function?
- How can we avoid employees being the weak link and move toward a more people-centric approach to security?
So, I was asking the right questions, now I needed to put in place my strategic security plan. I set up a meeting with the Capgemini Cybersecurity team to help me map out a bespoke strategy for our business and then bring it to fruition.
What I liked about Capgemini’s proposal was their offer to manage both strategy and implementation ― no one else was able to paint (and deliver) this complete picture. I was also comfortable with their vendor-agnosticism because I knew I wouldn’t be pressured to buy any particular technology, or be tied into an expensive license deal.
Based on a clear, shared vision of our maturity and practices, Capgemini helped implement our cybersecurity transformation program in just 12 weeks. I now feel confident that we’ve got the cybersecurity we need to take our business forward ― securely.