Post-COVID corporate cybersecurity: a silver lining?

There aren’t many well-established businesses that don’t regard digital transformation as one of their top priorities. And while there is as yet no universal agreement on exactly what it entails, it is widely considered a megatrend. Moreover, as the COVID-19 lockdowns pushed employees into home-based working, digital transformation has become a rapidly accelerating megatrend.

A key element of the ongoing digital transformation will be a paradigm shift from a centralised “on-premises” type of IT architecture to a distributed, Cloud-based one. This shift is still in its early stages, but we expect it to extend to most sectors, geographies and industries. It is not just about changing the way companies connect their employees to internal computer resources, the Internet and various applications. It will also be about cybersecurity, which today is more important than ever.

Cybersecurity and ESG

Cybersecurity has a direct and significant impact on environmental safety, partner relationships, and the security of sensitive data, as well as of employees [1]. All that has serious implications for the social and governance aspects of corporate activities, as well as for companies’ sustainability profiles.

“The extent of board buy-in on cyber security can be a good litmus test for the effectiveness of a company’s approach to cyber risk”, pointed out Principles for Responsible Investment (PRI), the world’s leading proponent of responsible investment. In addition to governance aspects of cybersecurity, there are also social aspects, which include the security around the collection, retention and use of sensitive, confidential, or proprietary customer data.

This has led many companies to include updates on the ESG aspects of their cybersecurity resilience in annual sustainability reports. Whilst this is a welcome development, we must say that companies tend to customise the metrics they report [2] because there are still no standard reporting requirements in this area.

What has changed?

Only a few years ago, corporate networks had to facilitate access and provide security for connections predominantly from employees’ office computers. On the rare occasions when employees required remote access, a VPN-type application (virtual private network) was used.

The main security feature of such centralised networks has been a perimeter (firewall) designed to screen both incoming and outgoing traffic.

However, the COVID-19 pandemic lockdowns and restrictions have made remote working a necessity, for which the old centralised IT infrastructure was not designed. Its limitations have been tested as companies experienced thousands of employees (in some cases) logging in remotely from thousands of locations, with some people perhaps using unsecured laptops and tablets. Employees abandoned their office PCs, and system vulnerabilities and potential entry points for hackers have extended well beyond the old familiar “firewall”.

A silver lining

Cloud-based IT infrastructure has been an obvious alternative to the traditional centralised model for some time now, but the pandemic has brought it to the fore. We expect the broader migration to the Cloud to speed up.

The emergence of several providers of Cloud services, such as AWS, Microsoft Azure and GCP, has helped to create a new, broader vision of IT infrastructure. In the past, hardware and software such as servers and databases had to be acquired and managed by the companies themselves. Today, IT infrastructure can be outsourced as “IaaS” (Infrastructure-as-a-Service [3]), together with all the applications and software that are required, as Software-as-a-Service [4] (SaaS). These new service options have attracted strong interest from many listed companies, with an average company now using 100+ SaaS applications.

The emergence of the Cloud offers companies the kind of flexibility and scalability which they did not have before. It also offers a different kind of security. Security based on a central perimeter allowed authorised users to access virtually everything on that network. Clearly, this would pose a significant risk when a request for a connection comes from outside the organisation and its security perimeter. That is why cybersecurity today is much more centred around a concept of “Zero Trust”. Every request from a known user to access a service, such as Salesforce, Office 365 or Zoom, is validated separately, and the connection with that service is severed again once the user closes the application. That way access is only allowed to the applications the user needs to use, and no lateral movement around the network is permitted.
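The contrast described above can be made concrete with a small model. This is an added illustration, not code from the author or from any vendor: the user names, the entitlement table, the “HR database” service and the device-health check are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Constructed sample data: which applications each user needs for their role.
ENTITLEMENTS = {
    "alice": {"Salesforce", "Zoom"},
    "bob": {"Office 365"},
}
ALL_SERVICES = {"Salesforce", "Office 365", "Zoom", "HR database"}


def perimeter_reachable(user, inside_perimeter):
    """Perimeter model: once past the firewall or VPN, everything is reachable."""
    return set(ALL_SERVICES) if inside_perimeter else set()


@dataclass
class ZeroTrustBroker:
    """Validates every request on its own; holds one session per (user, app)."""
    sessions: set = field(default_factory=set)

    def request(self, user, app, authenticated, device_healthy):
        # Network location is never consulted: identity, device and entitlement are.
        allowed = (authenticated and device_healthy
                   and app in ENTITLEMENTS.get(user, set()))
        if allowed:
            self.sessions.add((user, app))
        return allowed

    def close(self, user, app):
        # Closing the application severs the connection to that service.
        self.sessions.discard((user, app))

    def reachable(self, user):
        return {app for (u, app) in self.sessions if u == user}


def demo():
    broker = ZeroTrustBroker()
    results = {
        "perimeter": perimeter_reachable("alice", inside_perimeter=True),
        "zt_allowed": broker.request("alice", "Salesforce", True, True),
        "zt_lateral": broker.request("alice", "HR database", True, True),
        "zt_bad_device": broker.request("alice", "Zoom", True, False),
    }
    results["zt_open"] = broker.reachable("alice")
    broker.close("alice", "Salesforce")
    results["zt_after_close"] = broker.reachable("alice")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same authenticated user reaches all four services under the perimeter model, but only the one application that was requested and approved under the per-request model, and nothing at all after closing it.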

As companies update and develop their approach to cybersecurity, they are helped by the tailwinds from the recognition of its ESG credentials, as well as the need for change stemming from the new working environment. Undertaking the “Move to the Cloud”, as we call it, and strengthening their cybersecurity will benefit businesses in the long term, in more ways than one. We are strongly convinced that these positive trends, a silver lining of the COVID-19 crisis, are here to stay for the foreseeable future.

Our team applies its expertise in innovative technologies, digital transformation and cybersecurity to follow closely a wide range of ongoing developments and target the companies that stand to benefit from the accelerating market trends in these fields.

[1] https://www.darkreading.com/risk/new-report-links-cybersecurity-and-sustainability
[2] https://thestack.technology/cybersecurity-esg-reporting/
[3] https://en.wikipedia.org/wiki/Infrastructure_as_a_service
[4] https://en.wikipedia.org/wiki/Software_as_a_service

  • Johan Van der Biest
    Co-Head of Thematic Global Equity
