Resilience & Responsibility: mutually dependent, together enabling a better Digital Britain (Guest blog by Alchemmy)
Today, digital organisations must move fast whilst staying secure amidst ongoing disruptive change. As security incidents continue impacting networks and information systems, emphasis has rightly shifted towards improving the ability to react quickly and recover efficiently from incidents. Better resilience is central to the UK’s National Cyber Security Strategy to safeguard digital Britain.
Alchemmy believe that by investing in better Resilience, Boards demonstrate commitment to Digital Responsibility and in doing so, strengthen ways of working in support a whole-of-society approach to the UK cyber ecosystem. This investment helps protect corporate reputation, stimulate external investment and attracts future talent. Together, Responsibility and Resilience demonstrate purpose, integrity and transparency which fosters trust.
If Resilience helps safeguard the way in which we work together as a connected society, then how does Responsibility strengthen the need to invest in cyber across the supply chains of digital Britain? Let’s use the International Corporate Digital Responsibility Manifesto to explain how to invest in the long-term sustainability and resilience of organisations.
Purpose and Trust: Be clear on the defining purpose of your organisation and what it does to sustain trust. Reputational damage from data leaks is front-page news, but Responsible organisations go further by understanding the bias of algorithms or identifying negative environmental impacts. The Swiss Digital Initiative has launched a digital trust label to explain mitigations and implications for managing data, privacy and protection levels. A Digital Ethics Advisory Board can guide your Board in the risks from product or company strategy by linking with reputational, investment or resource challenges it might face. Responsible organisations go further by measuring their posture against these challenges to ensure security spend is prioritised to underpin the strategic direction of the business and the threats it faces to achieve this.
The CDR Manifesto seeks to influence the right balance of controls relevant to your regional or global landscape. Complexity from multiple regulations and geopolitics makes this hard to navigate but Responsible organisations consider security across their wider supply chain to help detect, react and recover from threats relevant across their Industry position.
Fair, equitable access, for All: law stipulates accessibility and inclusivity in many countries. Boards should add ‘easy-to-use’ to guide resilience decision-making. It’s often suggested that adoption rates increase if the benefit delivered is convenience. The market is crowded with many technologies sold on functionality, rather than explaining the importance of overall security performance and resilience. Feature-led SecOps tooling and complex integrations delay access to the right data which affects response times not only for the client, but constrain how these products are sold too.
Syed argues that diverse thinking delivers better outcomes. If we apply this to security, then building better diversity into SecOps unlocks potential for better decision-making. Irrespective of whether diversity means gender, cultural, skills or simply fresh perspective, better results are more likely if fairness and equal access is designed into security teams.
Societal wellbeing: aside from Data Privacy and Governance, investing in the wellbeing of SecOps staff is important. Setting the right conditions for people to make better security decisions is key to better resilience. Responsible organisations who manage the risk of burnout to key staff also benefit from an improved ability to maintain resilience under sustained operational pressure.
Socio-economic impact: Sustainable Automation considers the impact on individuals – training, redeployment, wider opportunities across society, but also on the business itself. There seems little merit in automating everything if there is no fall-back or contingency if compromised. Whilst Intelligent Automation is important to CIOs, it also helps CISOs where moving to cloud improves security operations, resilience and sustainability for the organisation overall. Similar to Societal Wellbeing, this applies to data and algorithms, but primarily focused on authenticity (verified and permissible) and on appropriate data ownership.
Mindful of accelerating Progress within the Impact Economy: Mixing economic benefit with environmental is harder to apply to Resilience, but key to effective security is collaboration across the supply chain. How does your organisation mitigate cyber risk from different types of suppliers? Exchanging threat information and discussing risk with big players is important but making it easier for smaller companies to safeguard their business is part of Responsible business. Being able to quickly access niche expertise in areas such as CISO performance assessment strengthens Resilience.
Sustainable Planet: solving challenges such as sustainable waste management, climate change, resource scarcity and biodiversity is key to our future. Resilient organisations invest time to understand how geopolitics affect the likelihood of threats to inter-country collaboration such as shared subsea critical national infrastructure. The UN-backed CODES initiative to digitally transform our planet combines massive datasets to create a global sandpit/digital twin to enable innovation on planet-centric problems. Their success depends on effective safeguards on the information shared and how it is used between countries and companies.
Climate and Environment: aside from emissions, recycling and re-use, considering how resulting solutions affect the resilience of economies, supply chains and the business continuity plans of individual organisations is becoming increasingly important. For example, concerns about moving data to the cloud and the associated vendor lock-in and data sovereignty issues can be set against the cost, speed and functionality advantages from cloud services. Nowadays, contracts are awarded based on energy use. Here, higher energy demands from the compute requirements of blockchain or crypto solutions can be balanced with the security and performance advantages of these innovations. Here, the cost of designing better Resilience into systems should be considered together with the digital Responsibility implications of their use overall, to arrive at sound decisions.
Conclusion
In protecting any organisation, Boards are responsible to ensure a viable and sustainable means of doing business to maintain trust, retain investor support and this is increasingly now seen as purpose-led and acting with integrity. Resilience is the key to protecting organisation and its assets, subject to the behaviour of the people, functions and processes of your business. Security isn’t just about firewalls, SOCs or threat intelligence, it also relates to Digital Responsibility. Doing business safely, security and with integrity to help your customers and contribute responsibly across society and our planet.
#Alchemmy #DigitalResponsibility #CDR #Resilience #Responsibility #CyberSecurity
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.