Will cybersecurity put the brakes on transformation?

There’s no gain without pain, apparently. But the level of pain clients are willing to put up with to transform their organisations seems to be changing.

We all know that digital transformation is big business. No right-minded client would contemplate such a large-scale programme without thinking carefully about the potential barriers and risks involved. But their attitude has been positive, their assumption being that the barriers can be overcome and the risks solved. Moreover, the size of the prize justifies pushing through strategies that may worry some. If an initiative isn’t outside your comfort zone then it’s probably not transformational.

But, with the recent spate of high-profile cybersecurity problems, the worriers are starting to take centre stage. In the last two months, I’ve spoken to half a dozen firms who say that transformation projects have been cancelled or put on hold pending confirmation that all the possible cyber threats have been managed. And, of course, that’s just not possible: new ways of punching through organisations’ firewalls are evolving daily. We’re not, and never will be again, safe. At the same time, how will an organisation be able to justify proceeding with a transformation project when it knows that it may open it up to new cyber threats? Executives, sitting round the board table to decide on whether to go ahead with their investment, won’t like what they hear, that they can’t protect themselves entirely. That’s quite a different situation to one where clients find that their existing systems are vulnerable. In those circumstances, everyone’s keen to fix the problem. But a new project, such as a transformation programme, introduces new risks, ones that could be avoided by not taking action. Inertia could suddenly sound quite attractive.

If consulting firms want the digital transformation market to continue growing at its current rate (20% plus in mature consulting markets), then they need to find an answer to this problem. Ostensibly, that’s comparatively simple, in the sense that larger firms will have both transformation and cyber security expertise in-house. The challenge, though, will come from joining these two capabilities up, to being able to give the client an integrated experience, not a disjointed one, despite the very different skill sets and, frankly, cultures involved in these two types of work. Put a design expert in a room with a security consultant, and you’ve got a fairly combustible situation.

But fail to put them in a room and get them to work together and you’ve got a much, much smaller transformation market. The choice is yours.