The covid-19 pandemic, changing perceptions and more are set to drive cybersecurity and AI innovation, say Forensic Risk Alliance partner Britt Endemann and chief innovation officer Harsh Sutaria.
This article was first published in Global Data Review.
Last year, research by Risk Based Security revealed that the number of data breaches that occurred in 2020 increased to a staggering 36 billion. Perhaps more significant were the hefty fines issued by regulators around the world on corporations for compliance failures, including those levied on Marriot and British Airways, which ran into the millions.
While data privacy and compliance were cast sharply into the limelight in 2020, there will be more noise around these issues in 2021 as the widespread shift to remote and virtual working takes effect. This shift, which was emerging prior to the onset of the pandemic, has opened companies up to more cybersecurity dangers and the risk of compliance breaches. This, coupled with the inevitable crackdown by regulators as the pandemic eases, is driving more demand for innovative technology solutions. But perceptions around many solutions, such as AI, and their deployment are changing; this will become clearer in 2021.
Tech innovations around cybersecurity
The pandemic has changed the world of work in unimaginable ways. The near-total shift to virtual and remote working, which is set to stay with us long after the pandemic is over, has been one of the biggest changes. One inevitable effect of this will be an increase in virtual and tech-driven collaboration; while this is set to be a largely positive development, it will also make companies more vulnerable to data hacking and other forms of cyber-attacks. In fact, research suggests that remote workers have become the source of up to 20% of cybersecurity incidents, and another study points to a 400% increase in attacks since the beginning of the pandemic, with the UK’s National Cyber Security Centre (NCSC) revealing that 25% of all cyberattacks last year were linked to the pandemic. Many companies will look to technology to protect themselves.
Changing perceptions around technologies and those set to define 2021
A growing focus on cybersecurity will lead to changes in perceptions around the function and purpose of certain technologies. AI, automation and robotic automation will still be deployed to improve operational efficiencies and cut down costs, but there will be an increasing emphasis on security, with many companies prioritising this over cost. This heightened concern and awareness is highlighted by a growing number of businesses seeking information from their law firms on the whereabouts of their data and how it can be accessed, as well mandating law firms to protect their information.
Perceptions around how technologies are to be deployed are also changing, with many companies now preferring a customised approach to a one-size-fits-all package. This is because they now realise that the former simply doesn’t exist. As part of a customised package, companies may seek three or four products instead of just one. Moreover, there is a growing appetite for solutions that are not in the mainstream – or rather, ones that other businesses aren’t using – because this gives companies a competitive edge. An increasing number of businesses are also coming to realise that technology solutions, particularly new ones, aren’t necessarily the finished product, but are perfected over time.
Spotlight on AI solutions
AI has become a big buzzword in recent years, as businesses across different sectors have sought to incorporate the technology in their operations and supply chains. Despite the initial excitement and enthusiasm generated around its adoption, it’s set to face growing scepticism this year as perceptions around its exposure towards cybersecurity gain traction. Now and in the future, companies across all sectors are likely become more cautious in how, and to what extent, they use AI.
Looking at how the technology has historically been used, companies have much to learn about its implementation. There is a common misconception that it can be used on its own, but this is not true: to function properly and effectively, it must be used together with hardware and other infrastructure. It must also be governed by a system of checks and balances to ensure any potential risks to security are mitigated. The first step towards successful implementation involves companies asking themselves: What problem am I trying to solve, how am I going to solve it and what resources do I have to solve it?
But even if it is to be implemented correctly, there are various challenges that may get in the way. The first is a human factor. The second is trust, especially amongst organisations who want to innovate. The third is culture: a risk-averse way of thinking often pervades the minds of many senior decision-makers within businesses, meaning their focus is solely on short-term revenue-generation, as opposed to risky yet potentially beneficial technology investments. Key to overcoming these barriers is a complete mind-shift change and the proposal of smaller investments into AI and similar technologies to leaders to achieve buy-in.
Compliance performance and challenges
Underpinning the new cyber landscape and tech trends are corporate attitudes towards data privacy regulations. Until now, many companies have struggled to adhere to such regulations. While the pandemic has given some relief to businesses, regulators will crack down hard this year on those companies failing to comply. Consequently, there will be a big effort to improve practices.
With many issues to consider from a technological, regulatory, and operational perspective, some companies will implement these more easily than others. Those in the technology and banking sectors, for example, will be particularly adept at this – not just at implementing technologies but also seeking guidance on how to change their business operations. This approach recognises that technology cannot solve compliance issues on its own and highlights a shift away from decades-old policies of growing a business and streamlining operations for the benefit of customers and revenue.
Many other sectors will be slower to enhance compliance. It is therefore imperative for regulators to start issuing more direction and guidance around the rules in order to help such companies understand and overcome the complexities.
Whatever the outcomes of these agreements, data protection officers will become more active this year and there is unlikely to be a flat-out mandate for compliance – instead, there will be a slow transition to understanding.