As cybersecurity and business operations become more interdependent, corporations ought to start looking at cybersecurity as a fundamental component of their broader innovation strategy.
Today’s pace of technological disruption incentivizes corporations to prioritize speed to market and internal cybersecurity teams cannot always keep up. In a race to roll out new products fast and to stay ahead of competitors, organizations practicing rapid innovation are often simultaneously opening themselves up to cyber vulnerabilities.
"In a race to roll out new products fast and to stay ahead of competitors, organizations practicing rapid innovation are often simultaneously opening themselves up to cyber vulnerabilities."
Breaches often occur because important steps were missed in a fast-paced development process, with human error such as writing insecure code or leaving credentials exposed. The more pressure corporations put on their internal development teams to have speed to market, the more likely it is for mistakes to slip through the cracks.
Corporate innovation managers across industries can look at engaging with cybersecurity technologies and security practitioners as a hedge against innovation-induced cyber risks. Enterprises that effectively align their cybersecurity resource planning efforts with their company’s long-term technology innovation agenda are in a better position to stay secure.
Part of the problem is that innovation managers are not incentivized to integrate cybersecurity. Even hacked companies still prioritize rapid innovation over cybersecurity. Despite the fact that companies are experiencing the downsides of innovating rapidly, many are not adequately investing time and resources in preventative measures.
When cyber is not part of a digital business value chain, a trust ecosystem is not delivered and a significant commercial opportunity is missed. Yet still, most CIOs are still prioritizing innovation over risk mitigation, because they don’t want to lose out on speed.
The detriments of innovation without cybersecurity can be seen in today’s rising technology companies like Zoom, who have recently experienced exponential growth due to the pandemic. Zoom did not prioritize cybersecurity such as proper levels of encryption early on in the product development lifecycle. As a result, Zoom experienced delays in rolling out new features and lost consumer confidence at a critical time. The company has since rebounded and is poised to continue to grow, albeit with hard earned lessons about cybersecurity, rapid innovation, and earning consumers’ trust in the rear view.
Another example can be seen in Walgreens’ recent rollout and partial shutdown of a health focused messaging app. While the app offered added digital convenience to their customers, it also exposed their personal data including medical details. The incident could have been avoided had the product innovation team engaged the proper cybersecurity and privacy enhancing technologies earlier in the application development process.
While there is some increase in the relationship between cybersecurity and software innovation as seen in the growing field of software development security operations or DevSecOps, where security is embedded into the process of writing code, this practice is still not universal. This is partly because traditional software development education doesn’t include security training. However, the DevSecOps market is expected to grow at a CAGR of 31% through 2023.
Organizations that succeed in integrating cybersecurity considerations and technologies into their innovation and product development processes, especially for software and application development, will be able to better serve their clients. Organizations that don’t include cybersecurity considerations into innovation processes will inevitably encounter speed bumps and ultimately fall behind.