Cybersecurity is viewed as the biggest single risk to digital transformation projects, but most organizations aren’t involving CISOs early enough in projects, according to new research from Nominet.
The .uk registry and DNS security organization polled 274 CISOs, CIOs, CTOs and others with responsibility for security in US and UK organizations.
It found that the vast majority (93%) were implementing digital transformation projects, although of the small number who weren’t, more than a quarter (27%) said it is because of security concerns.
Cybersecurity was also far and away the biggest worry for those currently undertaking such projects, with 53% citing it as a top-three threat. Some 95% expressed some concern, with over two-fifths (41%) either “very” or “extremely” concerned.
Topping these concerns were exposure of customer data (60%), cyber-criminal sophistication (56%), an increased threat surface (53%), visibility blind spots (44%), and IoT devices (39%).
Although a third (34%) of respondents claimed security was considered during the development of the digital transformation strategy, many left it to the pre-implementation (28%) and implementation (28%) stages, or even post-implementation (9%). Some 2% said security wasn’t considered at all.
IT leaders may be over-confident in their ability to mitigate cyber-risk in digital transformation. Some 82% of respondents claimed it was considered early enough in their projects and 85% scored it near top marks for effectiveness, despite 86% having suffered a breach in the past 12 months.
What's more, a majority of partners (59%), customers (55%) and industry/regulatory bodies (54%) had queried the robustness of their approach.
“With digital transformation you have to be sure that when you’re bringing in new applications, security is considered from the outset," argued Nominet CISO, Cath Goulding. "More than this though, in a digital transformation project, the real trick is to manage the security considerations of legacy and new applications simultaneously.”
On the plus side, 31% of respondents reported that 11-25% of their digital transformation budget is allocated to cybersecurity, with over a fifth (23%) claiming that 26-50% is set aside.