How to manage cyber risks without destroying business continuity and innovation

We can’t eliminate the security threats posed by remote working, cloud services and platforms. Like COVID-19, companies just have to learn to live with the risks, according to Professor of Innovation and Strategy, Louise Muhdi, and Professor of Digital Strategy and Cybersecurity, Öykü Işık.
October 2020

Digital platforms such as Zoom and MS Teams have kept companies afloat during the pandemic. But this rapid pivot in the way we work has exposed big gaps in cybersecurity – both for service providers and customers.

Following a raft of well-publicised horror stories, from “Zoom bombing” to malware attacks, many executives have come to question adopting third-party virtual platforms and cloud services.

“These platforms gave us the opportunity to continue business, but organizations also found themselves in a little bit of deep water – a space that represented a higher security risk for them,” said Muhdi, during the Leading in Turbulent Times webinar, “How to build digital resilience around open innovation.”

An IMD poll found that 94% of webinar participants had adopted Zoom this year, with 83% working with MS Teams and 71% using Skype. A second poll showed 68% of participants were at least moderately concerned that the pandemic had impacted their organization’s cybersecurity and data privacy.

“When you take a step back and see the bigger picture, Zoom is only one example of platforms that soared in the pandemic and also struggled with cybersecurity challenges,” said Işık.

However, the answer is not to abandon the tech, argue Muhdi and Işık, because it is clearly necessary for business continuity, collaborative innovation and competitiveness.

Instead, companies need to understand the risks that come with emerging digital services, and that cybersecurity is a shared responsibility, not just the domain of the service provider.

“There is no 100% secure system,” said Işık. “There are those that are hacked and those that will be hacked – this is the reality today. The focus should be on managing and mitigating the risks.”

Muhdi and Işık offered three key insights to help organizations adapt to new technology with confidence, while mitigating the risk of cyberattacks or data loss.

Tech is an enabler, not an inhibitor

Zoom is not the solution for everything – a mix of platforms might be needed to do the job. It can take time to find the right technology solutions for your specific business needs. Experiment with the different online communications and collaboration platforms out there to learn about and identify the ones that match your requirements.

Stay informed

Just like our pandemic-hit world, the tech industry is evolving at a rapid pace. This means there are new tools and platforms emerging all the time. It’s important to keep yourself up to date and to follow these developments. You never know, the ideal solution for your needs could already be out there.

Know your responsibilities

You are the data owner and you have to take ownership. What are your responsibilities? What are the cloud service provider’s obligations? Where does the balance of shared responsibility lie? This depends on how you use your data and what kind of data it is. Is it a commercial asset? Is it business critical? Is it a compliance issue? Have that conversation internally and with your provider.

Move to a “manage and mitigate” mindset

It is not possible to eliminate all the risks when it comes to cybersecurity, especially when businesses rely heavily on remote working and virtual platforms. No organization has an unlimited budget or enough personnel to combat all the threats. Instead, companies should learn to accept, manage and mitigate the risks as part of a trade-off in return for the obvious benefits and competitive necessity of embracing technology in a much-altered environment.


Research Information & Knowledge Hub for additional information on IMD publications

Discover our latest research
IMD's faculty and research teams publish articles, case studies, books and reports on a wide range of topics