4 minute read 21 May 2020

Beyond COVID-19: Five ways to protect your organization and help it prosper

By Dave Burg

EY Americas Cybersecurity Leader

Proud husband, father of three. Skiing, tennis and golf enthusiast.

4 minute read 21 May 2020

Leading organizations have pivoted to a different way of working during lockdown and are shaping up for the future. What can you learn from them?

While many have had no difficulty pivoting to a different way of working during the COVID-19 pandemic, it’s highlighted the importance of pre-pandemic contingency planning. Organizations prepared to quickly implement technology to help employees work remotely have fared well. Those that invested in cybersecurity training and infrastructure to keep their organizations safe have quickly created a “new normal” for how they function.

But that’s not to say they were prepared for everything. During the pandemic, leaders have seen a rise in spear-phishing emails targeted at certain employees. Many have been surprised at the efficiency of people working remotely. And video conferencing has allowed collaboration in new effective and engaging ways.

What’s the most inspiring thing we’ve noticed? In our conversations with leading chief information security officers (CISOs) from around the Americas, the best companies are using the impetus of such a colossal economic situation to drive innovation forward. They’re using what they’ve learned to rebound as quickly and safely as possible. Here are some of the measures they’re taking that your executive team could put into action as we begin to look at rebounding from the most recent lockdown.

1)     Examine your business model

We’re at a unique point in time where technology use is largely ubiquitous across the entire planet, and suddenly our needs as humans have shifted. Business leaders have to take a step back and ask big questions: What kind of better experiences do we want to create for our customers? What ways can our people work and how can technology support them? How do we do this without compromising the safety and efficiency of our people and business?

As organizations continue to scale remote workforces at speed, there is a need to understand that today’s scenario could happen again and again. Moving forward, organizations should plan for lockdown periods becoming semi-regular or regular events. And to pivot to lockdown conditions quickly and effectively, now is the time to reevaluate business models and reimagine them for agility, security and productivity. 

2)     Standardize and simplify 

We’ve talked about the need for organizations to pivot more quickly. As we move past the initial shock of the COVID-19 crisis, now is a time to streamline your business, making it more simple, agile, and ready to make massive, unplanned pivots in the future with ease.

One way of doing so is by standardizing and simplifying your tech stack and the third-party infrastructure you use. Going through a simplification process will also make your organization more secure, adaptable and prepared for growth in the long term.

3)     Change your mindset from “outside-in,” to “inside-out”

The lockdown has also highlighted the difficulties of securing sensitive information within today’s business models. What was once secured inside a building is now being stored on devices outside the business setting, opening organizations up to vulnerabilities they were not ready to face. I think of it like a sneeze, where dozens of particles have suddenly been scattered everywhere.

This switch requires a change in mindset. Companies that previously thought about cybersecurity as an ‘outside-in’ approach, where your sole responsibility was to protect the organization from outside threats, should now think ‘inside-out’. One way of doing so is by speeding up the adoption of Cloud technology across your organization.

4)     Create secure communication channels

Today, many manufacturing processes require a person to be physically present at a workstation to complete a specific process. But during the pandemic, we’ve seen companies accelerating automation programs to help perform tasks from remote locations.

A key to this is creating highly secured communication channels. To create these, we can take inspiration from the military community and how it managed to create the capability to manage drones that operate remotely. Highly secure communication channels already exist. As we move beyond the COVID-19 pandemic, now is the time to figure out how you use them to manage your business processes remotely.

5)     Empower your CISO

As organizations’ priorities and business models shift dramatically, now is a time for CISOs to step up, solve problems, and be involved in companywide conversations. CISOs should be leading the charge, working together with the rest of the organization to solve problems, almost like a chief technology officer.

A CISO today has to function in a multifaceted way. And they need to be involved early in projects. Think of it as the difference between saying, “We’ve just built a fast car, now make it safe”, as opposed to, “We’re building a car that’s fast and safe”. I know which car I’d rather buy!


In times like these, many businesses make smart investments and adjustments that can have a profound effect on performance and safety. What you do now is critical as you plan for the return to work, but also to continuously pivot in and out of lockdown conditions.

Act now for a better future. 

About this article

By Dave Burg

EY Americas Cybersecurity Leader

Proud husband, father of three. Skiing, tennis and golf enthusiast.