Option Piece: Dr Daniel Prince, Lancaster University

Digital systems are pervasive in modern business. Their utility enables small businesses to act on the global stage with the same presence as might corporate juggernauts. Their flexibility facilitates creative opportunities to inspire new business practices, goods and services.

But with this enormous potential comes the well-publicised downside. Not a day goes by where there is not a news story of an impactful cyber attack causing economic loss. Or some other fictional movie or TV villain using cyber attacks to thwart the story’s heroes and heroines.

The question is, how do we marry those two sides of the coin? How can we realise the benefits while tackling the problems head-on? It is for this purpose the Greater Manchester Cyber Foundry was formed; the foundry is here to drive business revolution and growth with cyber innovation.

What is Cyber Innovation?

First, it is important to understand what cyber innovation is. Within the Foundry, cyber innovation is considered to be technology and business practices rooted in cyber security practice. This can be new advances in cryptographic systems to protect innovation. New forms of authentication, including biometric identities. The development of organisational approaches to increase the value of customer privacy.

Some see cyber innovation as a subset of a broader digital innovation agenda. However, there is a specific culture and mindset that runs alongside cyber focused innovation, which is, protection first. Protect the systems; protect the data; protect the business process; and most of all, protect the client.

It is this culture of innovation and protection the cyber foundry seeks to harness and develop in those companies we work with. Through adopting cyber innovations and cyber innovation culture, companies will be better placed to respond to and prepare for cyber attacks.

How does Cyber Innovation lead to better Cyber Security?

The quality of cyber security advice has significantly improved over the last decade. The current cyber essentials advice from the National Cyber Security Centre (NCSC) will help to protect the majority of businesses from 80% of the known cyber attacks. But still, companies are being successfully attacked. Something clearly needs to change.

The primary issue is that while the quality of the advice has improved, security and protection is still being treated as an addition. An extra element that can be added later to the business practice or the offered good. This is largely based on the assumption that digital technology is an addition to the business practice; that businesses can operate without digital technology.

Do these assumptions hold true any more in the modern business age? In some ways, this assumption of the necessity of digital technology is not being addressed due to technology creep; for example, consider how our business phones are now high powered portable computers. What was once simple functionality is now being replaced by highly complex systems and software. Like boiling a frog alive, we have not noticed that in business we are now dependent on digital technology.

It is this dependence which is forcing a revolution in the way we need to think about business. We can no longer follow the simplistic development model of the idea to design to digital implementation to then adding security. Businesses need to think beyond digital-first, to Secure Digitalisation.

Cyber Innovation is at the heart of this secure digitalisation of businesses. It has both the technological element and the cultural practices to ensure the original business idea incorporates all the protections necessary. It drives security and protection first culture.

Through the adoption of cyber innovation practice, the security outcomes that are being sought through a scheme such as cyber essentials, become emergent rather than imposed. The protection is intrinsic throughout the business culture, practice and the products offered. It is not about teaching to the security test, it becomes about taking the right action first time, every time.

Cyber innovation leads to better cyber security because it puts it at the beating heart of the business. It is no longer an extrinsic bolt on to the business. It is this revolutionary shift in business practice which the Foundry is capturing and developing in the Greater Manchester business community.