Recent estimates show that cybercrime costs the UK economy alone £27 billion every year. In January 2012, the World Economic Forumís Global Risks 2012 annual report named cyber attacks as a top-five risk and the UK government raised cyber security to a Tier 1 risk to the nation. It is in the interest of every enterprise to put in place processes to prevent successful cyber attacks.
At the same time, the right security framework can very quickly help an enterprise become more competitive by enabling it to respond to changing market trends and customer demands. Security can, in fact, be an enabler of innovation. When a proactive attitude is taken to IT security, and it is woven into the culture of the enterprise, it can ensure that the business is agile, growing and becoming more innovative. An enterprise that can adapt to change also establishes confidence within its own staff and customer base, and is able to support its growth.
A properly planned IT security strategy, with support from the board, provides an enterprise with a solid security framework that is planned for growth. With a consistent, scalable security foundation and plan to build on it, there becomes less need for knee-jerk reactions as change happens.
Planning ahead will ensure that your enterprise has an efficient methodology to manage the impact of change before problems are encountered. Building this type of IT security framework will enable your enterprise to launch entirely new business initiatives swiftly. Being an early adopter of emerging technologies is necessary to gain competitive advantage and, instead of whingeing on the sidelines when new government regulations are introduced, being able to comply with these instructions more securely and cost effectively because you have anticipated them. This also allows you to take advantage of the new dynamism in your business as you leave the competition behind.
You have to ensure that your enterprise culture is open to innovation. The most successful companies are the ones that are cautiously open to innovation. It is generally the case that in any company culture, the more restrictions you apply, the less you promote innovation. Innovation requires a certain amount of freedom; however, this needs to be outlined and the limits carefully delineated. Compliance and regulatory framework have to be in place, but they do not have to be put in place heavy handily.
There are many ways to implement innovative strategies, particularly if employees may be resistant to new ideas because they restrict, or perceive them to restrict, freedoms that they already have. There are ways to break down this resistance. For example, if your sales teams are using unsafe methods of communicating with the office while they're on the road, you should research the type of tools that would be better for the enterprise and which they would use with the least resistance. At the same time, an appropriate awareness program should explain that following and proving security in practice makes the enterprise look more trusted to potential clients, helping the sales team achieve its goals.
Looking into this example in a wider manner, in the early days of the Bring Your Own Device (BYOD) trend, most IT security departments considered the technology far too insecure to use, attempting to prohibit it. Later on they have realized that it is a law of physics that water will find its own level, accepting that BYOD was there and they should find ways to enable it through IT security controls.