For years, cybersecurity was often viewed as an IT cost centre – a necessary, albeit begrudged, expense. However, the landscape has fundamentally shifted. Today, trust and privacy are significant consumer decision factors.

Senior director of cybersecurity at NTT DATA, Tom Cooper, says we’ve moved from risk mitigation to value creation.

“Trust has a considerable bearing on a customer’s choice – they actively choose who to bank with, fly with, and share data with, based on confidence in how their data is handled and protected.”

This consumerisation of security means that robust privacy, transparency, and safe digital experiences are integral to a business’s value proposition and a genuine competitive advantage.

Navigating the AI-powered threat landscape

The professionalisation of cybercrime, coupled with the rapid advancement of AI-powered techniques, presents an increasingly complex challenge for leaders. The most significant change, according to Cooper, is speed.

“It’s not just Nation State threat actors that are getting more effective, it’s that lower-sophistication attackers are ‘levelling up’ with the use of AI, making their phishing attempts, for example, more realistic and their attacks more effective.”

With AI-driven exploits occurring at never-before-seen speeds, organisations must prioritise earlier detection and automated, well-governed responses to contain threats at machine-speed.

Quantifying the cost of inaction

The broader business impacts of cyber inaction, such as reputational damage and operational disruption, can be far more devastating than the immediate financial costs of a breach. Leaders must move beyond technical jargon when communicating these risks to their boards.

“The entire conversation needs to move from ‘what does this technology do?’ to ‘what business impact does this mitigate?’ or ‘what does this mean for our customers?’” Cooper advised.

This involves quantifying risk in terms that resonate at the highest levels, linking security investment directly to protecting business assets, ensuring operational continuity, all while maintaining customer trust.

Adopting a risk management framework aligned with business objectives, perhaps using a simple heat map of threats against critical assets, can make these discussions more impactful.

Using AI as a shield

While AI amplifies threats, it also offers powerful defensive capabilities. AI can dramatically reduce the time between identification and containment by analysing vast amounts of data in real-time to detect anomalies. It can also proactively investigate risk exposure, hardening a business against attack in ways manual processes cannot match.

The key to safely leveraging AI, Cooper explains, is a “secure by design” approach. Security and privacy must be embedded into the AI’s architecture from day one, with strong data governance, strict access controls and continuous monitoring of AI models to prevent new vulnerabilities.

Effective incident response

An incident response plan is a necessity. However, a common pitfall is creating a plan only to leave it untested.

“An untested plan isn’t a plan, it’s a document,” Cooper said. “Effective drills must simulate real-world pressure, involving technical teams and also legal, communications and executive leadership. Establishing a clear chain of command before a crisis hits is paramount to ensuring a managed, contained event rather than a business-ending one.”

Addressing Australia’s cybersecurity skills gap is a significant challenge. Leaders must invest heavily in internal upskilling and create clear pathways for talent from diverse backgrounds, including IT, finance and risk, to transition into cyber roles.

Fostering continuous learning and building a culture where security is seen as a viable and exciting career for a diverse range of individuals will be crucial for building a resilient cyber workforce.

Cooper points out that businesses will soon have a hybrid workforce composed not just of people, but of AI agents. Imagine a company with 100,000 human employees and 200,000 AI agents, all performing tasks and accessing data as if they were human. This presents the next great identity management and security challenge.

“The question for businesses then needs to be; how do you manage their activity; how do you secure them; and how do you always provide the least-privileged access?” Cooper said.

Ensuring network and cloud infrastructure is ready for this capacity is a complex problem arriving much faster than many leaders anticipate.

Embedding cybersecurity for future confidence

To move from a defensive posture to one of end-to-end resilience, organisations must embed cybersecurity into all areas. This means viewing security as a crucial component that enables transformative experiences, rather than an obstacle.

“Integrating cybersecurity resilience as a core contributor to these new AI-driven experiences enables organisations to move forward with confidence, rather than fear,” Cooper concluded.

“For Australian business leaders, digital trust isn’t an optional extra. It is the foundation upon which future success, innovation and customer loyalty will be built.”

________________________________________________________________________________________________________________________

NTT DATA is a trusted global innovator of business and technology services and is committed to helping clients innovate, optimise and transform for long-term success. Learn more about NTT DATA.

Read our policy on commercial content here.

________________________________________________________________________________________________________________________

More related stories

Editorial

Scenic unveils new addition to ultra-luxury fleet

The newest addition to the Scenic Discovery Yachts fleet, Scenic Ikon, blends discovery with world-class design and comfort.

Read more

Editorial

The incredible culinary experiences you can only have at sea

Up to 10 dining experiences take Scenic Eclipse guests on a culinary journey from Japan to France.

Read more