December 14, 2023 By Dr. Nataraj Nagaratnam 3 min read

A cybersecurity strategy is not solely about managing risk across a business’ IT infrastructure. The stakes are especially high for organizations in highly regulated industries because they can be exploited through their digital supply chain, giving hackers access to consumers’ valuable and sensitive data. Consequently, these data breaches can rattle customer trust and the confidence of regulators.  

When done correctly, cybersecurity can be a strategic initiative that supports product capability, organizational effectiveness and customer relationships. As enterprises scale infrastructure and systems to manage sensitive data and complex workloads, they must rely more on an ecosystem of partners to help them enhance their security and compliance without impacting performance and resiliency.  

Minimizing breaches and vulnerabilities  

As more enterprises adopt technologies to help solve their data security and privacy concerns, the lifecycle of a security breach becomes more integral to the overall financial impact on the organization. This is especially important for companies in highly regulated industries, as they are consistently tasked with protecting the privacy of sensitive consumer data (such as the personal information found in financial and health records) while adhering to the latest security and compliance requirements.

According to the 2023 Cost of a Data Breach report conducted by Ponemon Institute and sponsored by IBM, breaches with identification and containment times under 200 days cost organizations USD 3.93 million. However, those with a breach lifecycle of over 200 days cost organizations USD 4.95 million, a 23% difference. Moreover, cloud environments were identified as frequent targets for cyberattacks in 2023. These attackers often gained access to multiple environments, with 39% of breaches spanning multiple environments and incurring a higher-than-average cost of USD 4.75 million.

IBM is supporting clients across industries in their cybersecurity journey by providing comprehensive security capabilities that help simplify their risk management and demonstrate their regulatory compliance posture. The data security capabilities provided by IBM Cloud® Hyper Protect Crypto Services help clients on their confidential computing journey by providing complete control of cloud data encryption keys and cloud hardware security modules. The service also offers the industry’s only Keep Your Own Key (KYOK) for data encryption at rest. This solution allows clients to retain sole access to their crypto keys, meaning not even IBM has access to clients’ keys.

Collaborating with the right partners to support security goals  

Fortris, based in Spain, provides companies the tools to hold digital assets and utilize them in business operations such as cross-border payments and payroll. Fortris is aiming to improve its digital asset treasury operations platform by using confidential computing capabilities available through IBM Cloud Hyper Protect Services.  

This collaboration allows Fortris’ clients to address the risk of malicious actors manipulating or gaining access to company workflows, confidential data, and digital assets. The KYOK capability from IBM allows Fortris to protect data end-to-end while at rest. It also allows Fortris’ corporate users to leverage enhanced tools to operate with digital assets while minimizing security risks, with full control over their digital asset keys.

Innovation with a security-first mindset  

We see fintechs playing a heightened role in helping enterprises securely manage the growing market demand for digital assets. With this shift, fintechs are also looking for cloud services and providers that can help them navigate the regulated world of financial services more seamlessly and support greater levels of security for their cloud infrastructures.  

Togg, a global mobility technologies and ecosystem provider that offers digital asset custody wallets, is working alongside Swiss-based fintech Metaco to help secure the custody and governance of digital assets such as cryptocurrencies and tokens. Togg’s primary goal is to build a secure platform based on a newly created token for all their consumers to use. The tokens are linked to different assets, such as a certificate of ownership of a car that was purchased, or carbon tracking and trading certificates to support sustainability metrics. These assets can be vulnerable to malicious actors looking to access highly valuable assets and confidential data, and they require security capabilities to help mitigate these threats.

Both Togg and Metaco also use KYOK encryption and confidential computing capabilities to protect data when it is unencrypted and most vulnerable. This protection is achieved by using a hardware-based trusted execution environment (TEE) that provides security and isolation to address unauthorized access to applications and data while they are in use.  

Supporting cybersecurity initiatives through collaboration 

The key to driving enterprise innovation and agility at scale is first developing a holistic cloud and security approach to support digital transformation from the outset. Along with making the necessary investments to bolster a well-defined cloud strategy and working with a provider that delivers high levels of resiliency and reliability, enterprises should be leveraging an ecosystem of partners to help mitigate the various levels of security risk that need to be managed before they become a problem.

Learn more about IBM Hyper Protect Crypto Services