By Pradeep Vasudevan
In today’s digital-first landscape, data is the oxygen for businesses. Securing data is a top priority for organisations as this is critical to building stakeholder trust and delivering value. Any damage to the trust in data can directly impact business growth and significantly increase IT spending. In fact, according to a Cost of a Data Breach Report 2023, the average cost of a data breach in India reached an all-time high at INR 179 million in 2023, with detection and escalation costs increasing by 45% since 2020.
Further, growing regulatory requirements require businesses to safeguard data across all touchpoints. Recently, the Government of India passed the Digital Personal Data Protection Act 2023 to safeguard personal digital data. This bill also lays down compliance criteria to be followed by organisations when gathering, processing, and storing such data. While it is often simple enough to chart out cybersecurity goals, several organisations face daunting challenges when implementing these goals.
Also read: DPDP Act revolutionising third-party risk management in India
CISOs recognise and prioritise secure, trusted data as a driver of business value. The emphasis high-performing CISOs place on aligning data with security, operations, and technology is a key trait that differentiates them from their peers and ensures higher success.
The role of culture and collaboration
Strong data security allows organisations to take bigger risks, move faster, and realise value more efficiently. However, improving an organisation’s data security posture implies change and often, change encounters challenges. By acknowledging the roles of different functional areas to align data, security, operations, and technology strategies, leaders can establish the trust required to fuel innovation and better performance. Leaders should recognise functional interdependencies and foster a culture of collaboration to build trust and supercharge innovation. In addition to this, encouraging greater transparency between teams that understand a given source data and the end-users of such data can help improve business decision-making.
Building the right security capabilities
With threat actors increasingly disrupting industries, CISOs should team up with business leaders to boost their security hygiene. It is important to make a thorough assessment of the organisation’s data architecture and processes to identify potential vulnerabilities and deploy tailored, secure infrastructure that can protect trusted data. Organisations must also have an Incident Response (IR) regimen and a Business Continuity Plan (BCP) in place, involving stakeholders across levels and functions in the organisation.
Also read: DPDP act – Will privacy-first approach hinder innovation
With the advent of emerging technologies such as Generative AI, organisations should also relook at their traditional security policies and guidelines and ensure these are updated to avoid any operational bottlenecks. This will be important in highly regulated industries such as BFSI, healthcare services, telecom, and energy among others.
Leveraging Security AI & Automation
Technologies such as Generative AI are transforming the playing field – for cyber attackers and defenders. Generative AI tools today give threat actors a faster means to create new and sophisticated types of malware and phishing schemes.
It is becoming evident that time is the currency of cybersecurity. By taking advantage of security AI and automation capabilities, organisations can detect and respond to cyber incidents with greater speed, reduce the cost and impact of these incidents and safeguard the business’ most valuable asset. For example, Generative AI can help defenders to simulate attacks that can expose an organisation’s vulnerabilities and in turn, strengthen training and readiness. The Cost of a Data Breach Report 2023 revealed that companies with extensive use of security AI and automation experienced a data breach lifecycle that was 153 days shorter compared to studied organisations that have not deployed these technologies. Further, automating routine checks and balances will also enable cybersecurity talent to focus on more important matters.
Looking ahead, it is important for businesses to realise that data security is not limited to protecting data. Rather an improved data security posture allows organisations to increase operational efficiency and enables informed decision-making with more confidence.
(The author is country leader, security software, IBM India and South Asia. Views expressed are personal and not necessarily that of financialexpress.com)
