Security isn’t just about risk and resilience. It’s also about trust and competitiveness
“No Alarms and No Surprises” – Radiohead’s sombre anthem sums up the state of security every business dreams of. An increasingly impossible dream unfortunately, as threats from terrorism, cyber-crime, fraud, systems failures and more have made security a boardroom issue and an essential part of good corporate governance.
The threats to business security are manifold, with new dangers such as ransomware seeming to appear out of nowhere. However, some risks are worth taking and there will always be a trade-off between greater security and cost, resources and inconvenience.
Although security increasingly requires resilience, both mental and operational, Jarno Limnéll, Professor of cybersecurity at Aalto University, believes the strong negative stigma often attached to security is unfortunate. In a recent article, he says that security should not only be about threats and risks. Rather security provides the opportunity and freedom for business and societies to prosper and build competitive advantage.
“Security is closely linked with trust,” says Limnéll “Today’s questions about security are more and more questions about trust. What and whom can we trust in this rapidly changing, post-truth world? For example, the customers’ level of trust with a company directly affects that company’s value.”
Limnéll calls for a holistic approach to security and an understanding that the physical and digital operating environments are becoming increasingly intertwined. “We must be able to observe security as a whole, with the digital environment as an inseparable part – without over- or underestimating it. I believe that in the future we will abandon the concept of cybersecurity and only talk about security. After all, the borders between the various sub-areas of security are to a large extent artificial,” he says.
Creating the organizational culture that views and manages security in the holistic and positive way Limnéll recommends requires leadership. And leadership is particularly essential in navigating the security aspects of digitalization and the accelerating pace of technological developments. Getting this right enables security to become a source of competitive advantage and ensures people’s continued trust in the benefits of technological development.
Referencing a survey commissioned by the Prime Minister of Finland’s Office on the current situation and future of cybersecurity, Limnéll highlights two key points:
“First, a cyber-secure society attracts investors, and consequently businesses that manufacture secure smart devices earn the trust of consumers. As regards cybersecurity, we are living in an era when a new kind of security culture is being created, and right now we have the opportunity to highlight security as a positive competitive factor.”
“Secondly, leadership is the most important area of cybersecurity that we should develop in Finland. This security leadership requires strategic understanding and commitment and the establishment of a responsible security culture.”
Finally, Limnéll predicts that ‘communications’ will be an area of the security landscape that will expand considerably in the years to come. “Security and the provision of security are factors that will increasingly affect people’s impressions and emotions in the future. Changing things ‘in the real world’ is not sufficient if this does not change people’s understanding and impressions – not to mention situations in which things do not go as planned. The improvement of communication skills forms an essential part of security development.”
Jarno Limnéll is Professor of cybersecurity at Aalto University with more than 20 years’ experience in the field of security. He is an intsructor in various programs by Aalto EE and Aalto PRO for example in new Aalto Executive MBA in Security and Risk Management program. It is designed around the major areas of strategy, leadership, security and risk management.