Cyber security consulting: not just about great technology solutionsTuesday 31st May, 2016By Margaret Cameron-Waller I recently visited PwC’s cyber security experience centre in Florida. This showcased the impressive breadth of work the firm is doing in this area, but was a very timely visit because cyber is such a hot topic globally amongst the clients we interview. Cyber is consistently one of the areas where clients anticipate that spending on consulting will increase and where they can make a clear case for investment. “There’s no limit to how much we’ll spend on this,” is a much-repeated message from our interviews. Our research also tells us that technology firms dominate clients’ choice of firm when they are considering consulting support. This is interesting because, while technology is the foundation of any successful cyber response, it’s unlikely to be the complete panacea. Take, for example, the recent hack of Ashley Madison. The data breach of this previously little known firm received off-the-scale media coverage due to the firm’s positioning as an online dating site for married people. 33m accounts, containing financial and some (very) personal information, were compromised. The full story behind the hack is still to be heard, but what is apparent is that there were some big gaps in data operational management: weak algorithms around passwords, failure to delete data properly, and data held in a single rather than split location, to name but a few of the issues that have been alleged. It’s a timely reminder that you can have the very best technology in the world, but it counts for nothing if you don’t have equal focus on policies and processes. We’re not suggesting here that clients won’t want support on cyber technology. They absolutely will and all indications are that they will spend big with consulting firms to secure the right solution. Rather, this is a point about proposition. We’ve previously suggested that the cyber security opportunity isn't about who gets there first, it’s about who’ll work out what the long-term client solutions are. So, this poses the question: is there an opportunity to differentiate by talking to clients in a more holistic way about cyber? One that doesn’t start with technology but gets there by understanding the surrounding elements: processes, staffing, skills and behaviours, for example. It’s surely an approach that today’s stressed CIO, bombarded daily with promotions of new cyber technologies, would be interested to hear more about. Blog categories: |
Add new comment