The challenge on the net
In an increasingly networked world, cyber security remains one of the key challenges for companies. The need to think about it strategically and holistically is greater than ever.
What are the four key challenges for companies? And above all: how can they strengthen their resilience in concrete terms?
1. new threats from generative AI and quantum computers
The rapid pace of technological development not only brings advances, but also new threats. Generative AI can be a powerful tool, but it also allows cybercriminals to create extremely convincing phishing emails or deepfakes that can easily bypass traditional security systems. In addition, it is already clear that advances in quantum computing could make traditional encryption methods obsolete in the future.
To meet these challenges, companies must act proactively. A critical factor is the modernization of IT infrastructure, which includes both AI-powered security solutions and quantum-safe encryption technologies. The Kyndryl Readiness Report[1] shows that 86% of organizations consider their AI implementation to be top-notch, but at the same time only 29% believe their AI systems are ready to handle future risks. So it's clear that strategic planning and continuous innovation are needed to both anticipate emerging threats and make the best use of existing technologies.
2. overcoming organizational silos
A key challenge for organizations is the fragmentation between security and business areas, which often leads to inefficiencies and increased risks.
Effective management systems such as ISO 27001 provide a structured approach to overcoming these silos by linking security strategies to overarching business objectives. Establishing an information security management system (ISMS) helps to define clear processes and responsibilities and promote collaboration between IT, security and business units. At the same time, ISO 27001 promotes a culture of continuous improvement that enables organizations to respond flexibly to new threats and meet regulatory requirements efficiently.
Despite technological advances, however, people remain a key factor. Structured training programmes such as phishing simulations or training on secure password use increase cyber vigilance at all levels of the organization. By raising awareness of security risks and encouraging active participation, employees can better recognize and respond to potential threats. The combination of effective management systems and a well-informed workforce strengthens organizations' ability to mitigate risk and increase their resilience.
3. efficient use of security tools
The multitude of security tools available can give the impression that more tools automatically mean more protection. In reality, however, this often leads to an over-complexity that makes it difficult to maintain an overview and favors security gaps. A consolidated security platform that integrates various functions can provide a remedy here. By centralizing security data and processes, companies can detect and respond to threats more quickly. Standardized dashboards and automated workflows improve efficiency and reduce human error. In addition, such a platform enables security managers to focus on strategic tasks instead of investing valuable resources in the management of individual solutions. Furthermore, a consolidated solution creates transparency, which is essential for both internal and external audits.
4. anchoring readiness for cyber security at C levels
However, the biggest hurdle to a holistic cybersecurity strategy is often organizational in nature: the lack of support from senior management. According to the Kyndryl Readiness Report, 69% of large organizations report a lack of critical support from their boards of directors. Additionally, 73% of security leaders indicate that their boards of directors do not take an active interest in their organization's cybersecurity readiness. Without the active involvement of the board and C-level, cybersecurity therefore often remains an isolated issue.
Strategies to promote cyber awareness at senior management level include regular reporting on security risks and their potential business impact. A clear overview of the return on investment (ROI) of security investments can also be persuasive. Workshops and simulations of cyber attacks for top management can also raise awareness of the urgency of the issue.
Another important measure is the appointment of a Chief Information Security Officer (CISO), who reports directly to the management level (see also article on p. 34). This ensures that cyber security is anchored as a strategic goal and does not just remain at an operational level.
Cybersecurity as a strategic competitive advantage
Cyber security has become a strategic business imperative. Given the increasingly complex and dynamic threat landscape, organizations must take a holistic, long-term approach to their security strategies and cyber resilience. The four challenges described above - from emerging threats to organizational silos to strategic gaps at the executive level - illustrate the complexity of this task.
Companies that successfully overcome these challenges achieve more than just strengthening their lines of defense - they gain a strong competitive advantage. By linking cyber security to overarching business objectives, they not only close the gap between perceived and actual security, but also position themselves for sustainable success in an increasingly digitalized world.
[1] https://www.kyndryl.com/content/dam/kyndrylprogram/doc/en/2024/kyndryl-readiness-report.pdf
Author
Maria Kirschner is Vice President and General Manager of Kyndryl Alps. Kyndryl claims to be one of the world's largest providers of IT infrastructure services for thousands of corporate customers in more than 60 countries.
