Mature technology and controls create a competitive edge
Mature technology and strong cybersecurity no longer are optional features for organizations that are seeking to drive growth.
In many industries, sophisticated enterprise resource planning, human capital management, supply chain management and financial planning and analysis systems are providing companies with efficiencies and strategic advantages that give them an edge over their competition.
For a growing number of companies, a technology offering comprises the entirety of the product or service for sale. In the healthcare industry alone, there are companies that mine patient data to provide predictive analysis, create a virtual setting to connect patients with caregivers, and perform many other important functions.
“You now have companies that are just a purely data play,” said Sonny Origitano, Managing Director - Strategic Solutions for Grant Thornton LLP.
Origitano participated in Grant Thornton’s growth series discussion that focused on the role IT and cybersecurity play in driving growth. Suffice to say, mature IT and cyber controls are no longer optional — they’re necessities.
Whether companies are looking to drive organic growth or hoping to be acquired, having the right technology is a must for maximizing value. And that technology — indeed the welfare of an entire organization — is in extreme jeopardy without strong cybersecurity controls.
As attackers get more sophisticated, new controls are needed.
“Given the rise of phishing attacks and identity fraud over the past few years, multi-factor authentication is no longer the gold standard,” said Derek Han, Principal and Cybersecurity and Privacy Leader for Grant Thornton. “It’s become the baseline, a basic standard. Even in the past year and a half, we’ve seen bad actors start compromising multi-factor authentication solutions. I think the bar keeps rising every day in terms of how we’re going to keep consumer identities secure.”
4:03 | Transcript
More growth insights
Get motivated on cybersecurity
Mid-market companies may be vulnerable
For some companies, the motivation to improve cybersecurity is increased when a cyber insurance provider raises rates or threatens to deny coverage because controls aren’t strong enough.
“You can spend less on cybersecurity, but your insurance premium would go up and then if you experience a breach, you’d have to pay for that as well,” Han said. “There’s no free lunch in my opinion. You have to spend money. But also, I believe as the industry adopts more standard controls, the cost will go down. You look at Microsoft, and they’re building a lot of their cybersecurity solutions into their Microsoft 365 subscriptions. More and more, cybersecurity will become a feature of your computing devices. I think the cost will come down.”
Cybersecurity risks may be particularly challenging for mid-market companies with less than $500 million in annual revenue. They often have a director or vice president of IT, but not a dedicated chief information security officer. If the IT leader is not a cybersecurity expert, the company might be lacking in controls and cyber resilience.
Origitano said mid-market companies may be especially vulnerable when they are in the news because of an acquisition. He said the impetus for cybersecurity improvement at these companies may come when a strategic buyer wants to improve their controls.
It should be no surprise, then, that IT maturity and cybersecurity have become core elements of due diligence activities related to transactions. They’re also considered when companies are choosing suppliers.
“If your business model is one where you’re holding data or anything else belonging to a client, you had better have these controls in place,” Origitano said. “Nowadays companies are getting more sophisticated when they do their own diligence on a provider or supplier. If you don’t have the right controls in place, a potential client may pass you up and find a different provider.”
2:48 | Transcript
More than half of CFOs consistently plan to spend more on cybersecurity, according to this bar chart using data from Grant Thornton’s quarterly CFO surveys. In any given quarter, 10% of CFOs or less plan to spend less on cybersecurity.
Resilience is a key
Plan for every scenario
In addition to improving IT assets and augmenting cybersecurity controls, companies can drive growth by building cyber resilience into their organizations. This is built by creating a team composed of key people throughout the organization who would be crisis-mode responders in the event of a cyber incident. This team should meet regularly and practice cyber incident scenarios.
One of the issues this team would discuss is disclosures, as new regulatory requirements are emerging that may compel reporting of a cyber incident within just a few days. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA. Additionally, proposed amendments to the New York State Department of Financial Services Part 500 Cybersecurity Regulation (23 NYCRR Part 500) would require such timely reporting for covered entities.
Meanwhile, Han predicts that automation will emerge as a key element in cybersecurity in the coming years.
“We don’t have enough humans and talent for all the cybersecurity jobs,” Han said. “Globally, we’re 2.7 million jobs short from a cybersecurity perspective. We don’t have enough humans to do it. Automation is definitely a key focus for gaining more visibility, quicker response time, quicker remediation and quicker detection.”
This will be yet another technological opportunity that companies can take advantage of in their continuing quest for growth.
Derek is a Principal in the Advisory Cyber Risk Services Group. Derek has eighteen (18) years of professional experience in information security and IT risk consulting.
- Technology and telecommunications
Sonny D. Origitano
Sonny has extensive experience in pre-close and post-close integration and separation strategy and execution including; one-time cost identification, stand-alone financial and operating models, synergy identification, stranded-costs reduction, transition service agreements (TSA’s), day 1 readiness and contract analysis to maximize or preserve value throughout the transaction life cycle.
- Transportation, logistics, warehousing and distribution
- Retail and consumer products
- Private equity
Explore the many elements of growth
Our featured strategy insights
No Results Found. Please search again using different keywords and/or filters.