Cybersecurity: the importance – and the challenges – of cybersecurity

Jason Harle Blog

There is no doubt that the near-instant ability to access or process data is completely changing the way we work, consume, organise and socialise. More and more of the global population are becoming connected to the internet, giving them access to goods, services and information on demand. Whilst the growth of connected users has been rapid, corresponding efforts to understand the data and security landscape has been slower. In addition, where easier access to data, goods and services is good for users and customers, it also makes it easier for those who want to steal data, disrupt services or commit other types of criminal activity online. The more innovation and technology is enabled, the more risks that are posed to customers, businesses and organisations.

One of the ways to tackle this is at the national/international level. The European Union has been active in recent years with two initiatives aimed at making its citizens more secure. The General Data Protection Regulation (GDPR) aims to ensure that personal data is allocated sufficient protections with significant financial penalties for organisations failing to comply. One of the benefits to consumers of this regulation is that it has raised awareness that their personal data belongs to them, and that they have certain rights about how that data is stored and processed. It has also introduced a burden on companies and organisations to comply with the GDPR. This means that regulation design must closely balance data protection with limiting the implementation and operating burdens on companies and organisations.

The Directive on security of network and information systems (NIS Directive) is the first piece of EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU and targets critical national infrastructure in two areas: Operators of Essential Services, which are established within the EU, and Digital Service Providers that offer services to people within the EU. This is successfully raising the profile of what constitutes critical national infrastructure and is both compelling and assisting those affected in improving security as society becomes more connected.

Another option is to target selected industries by demonstrating the benefits of solving these issues through a common approach, and as long as the benefits can be demonstrated to outweigh the challenges then buy-in from companies and organisations should be much less complicated. The normal challenges of different appetites, working cultures and even time zones can be overcome with a clear strategy. More difficult challenges may be as follows:

  • Building relationships between organisations that may well be in direct commercial competition with each other.
  • Understanding and absorbing different regional regulations.
  • Demonstrating a return on time and cost.
  • Avoiding breaches of regulation, such as anti-competition rules.

However, the benefits for organisations that collaborate in order to build models that can address and implement regulations and standards can include:

  • A shared cost burden
  • Efficiency in ensuring that organisations that use similar business and operating models reduce friction when interacting – this is particularly important in international supply chains, or where different companies are involved in delivering one product.
  • Strength in numbers whereby organisations and companies can effectively communicate challenges to regulators as a single unified voice.
  • Identifying common risks and addressing them in a uniform manner.

During the panel session on “Regulating the future: safe, inclusive, connected” at ITU Telecom World 2019 in Budapest this September, I will address these challenges and opportunities in more detail and talk through some of the ways to effectively enable industries to solve these issues. I look forward to a lively and interesting discussion!

About the Author

Jason Harle

Jason Harle, Cyber Risk Analytics Capability Leader. Jason leads Deloitte Denmark’s cyber risk analytics capability in Denmark, one of the world’s most digitized nations. He works to identify, and then mitigate, risks using frameworks, processes and technology. He has worked on international projects using regulations and frameworks to both secure businesses whilst also enabling them to benefit from interconnected technology. This is a key area of interest for Jason, as whilst industry demands for information, coordination and commercial activity grow, so too must accompanying security understanding and protection. An expert in risk-based cybersecurity, he has in depth knowledge of data protection through technology and regulation and holds a number of industry certifications including CISSP, SSCP, and ISO 27001 Lead Auditor. Prior to joining Deloitte, Jason spent 18 years in the British military where he worked in security and intelligence around the world.

Share this