The business impact that COVID-19 has wrought on companies varies widely. The state of impact and business loss significantly correlated to the progress of a company’s digital transformation.
Online meeting/collaboration tools reported 40% growth almost overnight (along with new cyber security scrutiny) – enabling online family/friend gatherings and even happy hours. Smartphone-enabled meal-delivery apps take the torch for desperate restaurant owners who can’t open their dining rooms to the public in many states and countries. However, not everyone’s business has such a clear-cut roadmap to digitization of their business model.
Where companies stand in their digital transformation journey can largely be broken into three types:
- Digital Delayers – laggards, low digital maturity, and typical resistance to change. Why fix what’s not broken?
- Digital Dabblers – embracing remote work and eCommerce, but more in pockets or experimenting. They may launch multiple uncoordinated initiatives to see what sticks.
- Digital Drivers – have invested significantly with meaningful results in their digital transformation. The drivers embrace their transformation as a mindset and new ways of doing things.
Who Is in the Majority?
Of the three types, most companies fall into the middle category, Digital Dabblers. They know digital is important, they know they may face a tipping point of disruption, and they have had some investment in their digital transformation. However, the realities of running the business and making growing sales targets have overshadowed digital transformation as a priority. At the same time, the broader C-suite may have not felt the same urgency and alignment with the CIO and IT department.
How Can Companies Leverage This Crisis?
Mike Meadows, former CTO of Eli Lilly and Company and now an independent consultant, said, “Because of this crisis, I have seen small businesses think and behave in ways they would not have considered before. And, I have seen large businesses take advantage of the crisis and related sense of urgency to drive existing change implementations more aggressively. The lack of a burning platform is often the biggest inhibitor to change…the platform is clearly on fire so take appropriate advantage of that!”
Many companies are leveraging this disruption by accelerating their digital initiatives to keep the lights on and let people continue to work. Remote work, collaboration suites, VPN, and mobile initiatives are all pushing ahead as fast as possible. Making these rapid changes is essential to keeping the business solvent, but it’s critical for leadership to anticipate the long-term impact of these enabling decisions, and to thoughtfully plan for what the new normal looks like once the current crisis abates. Organizations need to also keep cybersecurity controls in mind as they move more rapidly than ever before.
What’s the Best Plan Now and Post-Crisis?
Digital Dabblers often enable these tools without the typical thorough security planning and rollout. We recommend companies make cyber security a focus: Take time now to evaluate risks/controls, verify collaboration tool configurations, and possibly roll back some high-risk features. Developing policies and guidance so employees know what’s expected and how to work securely when remote is also critically important; but think of creative ways to educate the workforce vs long policy documents. Lastly, as work moves outside the office, many companies discover their incident management and incident response capabilities change. This is a good time to update your incident response plan to address how you would handle a cyber security event while everyone is remote.
The current crisis – and “burning platform” – opens the opportunity for leaders to define what digital transformation means for their company, seek alignment, and begin taking steps now. We have found companies can get stuck by either not thinking about security or overthinking it and failing to enable value. There is a middle ground, and we’ve helped many companies navigate this terrain successfully.
Aaron Pritz, co-founder and CEO of cybersecurity firm Reveal Risk, is a former Eli Lilly IT and security senior IT/Security/Privacy/Risk leader with over 20 years of experience.