
Enterprise cybersecurity: where do you begin?

Blog: Capgemini CTO Blog

Our always-connected world makes businesses more agile, efficient, and profitable. A connected enterprise also allows near real-time visibility and control over most dimensions of business. Reads like a happy story. There is a flip side to the connected enterprise, however. With almost each new instance and mode of connection, opportunities for malicious intent and cyber risk increase. We frequently hear of big and small corporations being hit by cyber-attacks and suffering consequent financial and reputational damage.

Do these attacks imply that the organizations that were hit did not have cybersecurity set up? Or did they inadequately prioritize cybersecurity? I am sure the answer is a big NO. Most of them had security setups, tools, outsourcing partners, and processes. They were still hit. The reality is that no one can guarantee bulletproof security. But this certainly does not mean that an organization cannot aspire to a proactive and fit-for-purpose cybersecurity posture.

Corporations today will have shiny security tooling, and most will also have outsourced their security to a strong service provider, giving a sense of being well protected. The moot question is whether they honestly feel they have outsourced their cybersecurity risk to the service provider. And are they indeed getting a return on investment from their security tooling and allied frameworks? Believe me, these are tough questions to answer.

Let’s look at the real situation. The security function in most cases has grown out of the evolving and expanding IT function, and often organizations haven’t really looked at the design of their security organization in view of their business needs and emerging threats. Security in most cases is a bolt-on function, and often there is a lack of direction in terms of a well-thought-out and articulated cybersecurity strategy and road map. Don’t be surprised to find cybersecurity as a couple of paragraphs or pages of the IT strategy/policy document and a subset of the IT budget. The correctness of the CISO reporting to the CIO has been a point of debate for a while now.

What should be happening is a formal, business-aligned assessment of the internal and external cyber risks, their prioritization, and a cybersecurity vision and strategy document aimed at ensuring the optimal security posture for the corporation, covering organization, operations, assets, tooling, compliance, and risk.

Recent cyber-attacks have shown that corporations can come to an absolute standstill when under attack, and the period of rebuild and recovery is long. Some large organizations that were hit by WannaCry took three to four weeks to get their IT back on the road, and one can well understand the loss of operational productivity and the resultant financial impact. If there was data loss involving PII, the story gets darker.

So, what do you do? Just hope that you are not going to be hit? Certainly not. It’s never too late to make an earnest start. There are some options you could consider. Let’s take a look:

Tactical

Look at your current setup and just get the basics right.

Operational

Roll up your sleeves and take a hard look at your defensive posture and start asking tough questions.

Strategic

Align with the long-term business vision and strategy.

Depending on where you are in your cybersecurity maturity, you need to decide where to begin!

To find out more about how we can help you, visit our Cybersecurity services page.

Samir Khare is a cybersecurity expert responsible for delivering cybersecurity services to 160 plus global customers and for security portfolio development aligned to business needs and security technology evolution.

Follow Samir Khare on LinkedIn.
