Interesting article from the team at Osborne Clarke focusing on mitigating cyber risk during digital transformation projects.  

The first and most important point raised, which I totally agree with, is that cyber does not mean IT - it is much broader and deeper than that. Although attacks may manifest themselves through IT systems, how organisations mitigate the risk and respond if there is an incident involves many more facets than just IT.

Secondly, cyber does not lend itself to a "one size fits all" solution. Every organisation needs to understand their own risk exposure, how they mitigate against the risk and how they manage, via insurance or increased controls, any unacceptable gaps.

Organisations should also ensure that they regularly seek independent advice on their cyber security measures to avoid complacency and to bring fresh eyes to the situation.  It is important, again, that this advice is focused on more than just the technical aspects, and also incorporates human, organisational and procedural elements.  IT alone will not solve the problem!

Finally, organisations should ensure that they test any response plans that they have - they do not want to be trying them for the first time in a "live" situation.

These points, which are discussed in the article, are not exhaustive but one thing is for sure: cyber cannot be an afterthought - it must be considered from the start of any digital transformation project.