As the world embraces the power of digital technologies, organizations everywhere now face the pressing need to manage a complex ecosystem of interdependencies. The proliferation of IT, OT and smart products within the Internet of Things — combined with an expanding threat landscape, evolving regulatory requirements and growing reliance on supplier networks — makes the need for cyber resilience across entire ecosystems paramount.
What is the key to success in today’s dynamic environment? It’s digital trust. By adopting an ‘ecosystemic’ approach grounded in the principles of digital trust, more coordinated and resilient digital networks become a reality. ‘Ecosystemic’ thinking can provide a paradigm shift in how mutual digital dependencies may be viewed and has significant implications for how effectively we can work together.
This article seeks to examine the key elements of ‘ecosystemic thinking’ — highlighting the need for long-term strategies and a holistic approach that is helping to make a difference today for some of the world’s leading organizations. It also looks at three essential steps to ecosystemic thinking that can help boost cyber resilience for a new era of challenges in this hyper-connected world. Companies that enable digital trust and collaboration across their ecosystem can position themselves to survive and thrive amid the challenges of a soaring threat landscape. Where to start? This article poses three fundamental questions businesses should ask themselves to transform ecosystem efficiency and security in a world of change.
Resilience in the digital age demands a holistic approach
To become truly resilient in today’s reality — where the rapid pace of change is accelerating — organizations should look at the system as a whole or, at least, the digital ecosystems in which they operate.
Modern companies are not simple, stand-alone entities but increasingly part of interconnected networks — ecosystems — that can cut across sector boundaries and provide new opportunities for innovation, efficiency and growth. In today’s hyper-connected environment, digital trust becomes critical as increased interconnections unleash significant new challenges and the need to transform resilience.
Organizations are increasingly dependent today on third, fourth and fifth parties within their supply networks. While this level of collaboration offers significant benefits, it also introduces new risks that should be managed. The European Union Agency for Cybersecurity (ENISA) lists ‘Supply Chain Compromise of Software Dependencies’ as the top threat in its Foresight Cybersecurity Threats for 2030 report.[i] As CISOs become more aware of growing supply-chain risks, mistrust and the expansion of third-party risk management controls are on the rise.
Meanwhile, government institutions globally are recognizing their responsibility to ensure a collective approach to bolstering digital resilience and fostering digital trust. In many of the recently published National Cyber Security Strategies, national cybersecurity agencies or similar institutions describe the need for a resilient digital ecosystem.[ii] At the same time, the increasing influence of government bodies on resilience — through regulations such as the EU’s new Network and Information Security Directive (NIS2), its Critical Entities Directive (CED), the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA) — adds a new dimension of pressure and complexity for companies. As the landscape evolves, so must resilience strategies if companies hope to thrive.
Lastly, citizens and consumers of digital technology have increasing expectations for the reliability and trustworthiness of the digital products and services they rely on. Meeting these changing expectations through a transparent approach to digital trust is becoming a key differentiator for organizations.
A collective, long-term strategy is essential
Driven by the need for information sharing, trust technologies such as privacy-enhancing technologies (PETs) and blockchain potentially enable and fuel collaboration between ecosystem partners. Instead of mere compliance-driven agreements between organizations, collaboration will ultimately benefit the organizations involved.
It’s revealing and informative to consider how an ‘ecosystemic’ perspective is already making a difference for many leading companies. These global giants recognize that their production processes, efficiency, and competitiveness rely on a wide array of suppliers in diverse sectors.
In some cases, they provide a platform on which other partners can prosper or share resources that ultimately benefit the entire ecosystem, including the platform provider. In other cases, the goal is to make the entire ecosystem resilient.
A leading chip-machine maker, for example, recognizes that its high-tech manufacturing process completely relies on numerous diverse suppliers, and a costly cyberattack on any of these companies could disrupt its entire business. To make the system as a whole resilient, it has begun sharing resources meant for its own security with its partners and vice versa.
Many organizations, amid limited financial resources, skills and technology, might prefer to focus on maturing their own cybersecurity before looking at suppliers’ security. But beware — that approach represents a short-term gain in the face of a much-needed long-term approach as the threat landscape expands and grows in sophistication.
There should be a new way of thinking that moves from short-term gains to long-term strategies — moving from individual security to collective resilience. Establishing a truly cyber-resilient ecosystem requires a long-term vision and a strategic step-by-step approach:
1. Start by mapping out your digital ecosystems to show the dependencies, including those that you might not be aware of.
2. Then bring together the inner circle of your ecosystem, discuss mutual dependencies and risks, and set a clear vision, goal(s) and strategy that every organization can commit to.
3. Develop and fortify your ecosystem by building digital trust. To start sharing resources, set clear boundaries and guidelines within which resources can safely be shared to unlock new benefits. The roles and interactions of each participating organization need to be clearly defined. Also, each partner in the ecosystem should have a complementary role. Roles can also change over time. Data exchange within an ecosystem is often critical and ensuring trust is pivotal. That is where trust technologies come into play.
Defining, developing, and bringing together your ecosystem partners does not provide quick fixes or short-term gains. It requires leadership with a long-term vision and the power to bring people together, plus proper guidance and a clear plan that includes a step-by-step approach featuring:
You should identify all dependencies, including, for example, fourth parties, and draft an ecosystem strategy with clear goals — bringing ecosystem partners together on a multi-year plan to fortify and manage cyber resilience.
Every organization in an effective ecosystem has a complementary role to play. Decide which partners to on-board or off-board in your ecosystem to drive effective collaboration and positive results.
With your digital ecosystem and key players in place, specialist guidance can help boost results as the journey unfolds. KPMG professionals can provide an Ecosystem Maturity Framework featuring the key building blocks needed to enable you to achieve success.
To enhance processes and security measures across your digital ecosystem, perform an ‘ecosystem health check’ of third-party relationships and processes.
Digital trust underpins a truly cyber-resilient ecosystem
Beyond the need for a clear strategy, a governance structure and well-defined financial and legal boundaries, digital trust is one of the key components of a truly cyber-resilient ecosystem.
KPMG, together with the World Economic Forum and other collaborators, has developed a global framework for digital trust. This framework serves as a decision-making guide for organizations, enabling the development and deployment of reliable, trustworthy technology and, through it, trusted collaboration ecosystem-wide. The WEF defines digital trust as public expectations that “digital technologies and services — and the organizations providing them — will protect all stakeholders’ interests and uphold societal expectations and values.”[iii]
The digital trust framework provides a precise and compelling roadmap for this dynamic digital world and for the inevitable need to enhance adaptability and cyber resilience among digital ecosystems. Reliance on a common framework and language offering mutual standards and practices drives enhanced collaboration, consistency and trust in ever-evolving technologies while bolstering ecosystem defenses against potential threats. The digital trust framework encapsulates three goals:
- Security and reliability.
- Accountability and oversight.
- Inclusive, ethical, and responsible use.
These goals are divided into eight dimensions — cybersecurity, safety, transparency, interoperability, auditability, redressability, fairness, and privacy — and it is paramount to tackle all of these dimensions to achieve the framework’s three goals.
A global framework for digital trust[iv]
To become a truly cyber-resilient organization, trust and collaboration among digital ecosystem partners are indispensable and ‘ecosystemic’ thinking, combined with the digital trust framework, is a good starting point. Resilience is no longer optional but pivotal in today’s increasingly complex environment. If organizations establish and foster collaboration across their digital ecosystem with a common understanding of digital trust, they can optimize resource allocation and transform supply chain risks into opportunities.
Companies that ensure digital trust in their ecosystem can not only survive the challenges of a soaring threat landscape but also flourish. Where to start? Consider these three questions:
Asking these questions and communicating your efforts to stakeholders and customers will help to showcase that you are taking digital trust seriously, help strengthen relationships within your ecosystem and among consumers and, ultimately, strengthen your organization’s digital resilience.
As digital dependencies proliferate — exponentially amplifying both risks and mistrust — cybersecurity expenditures surge. This necessitates a paradigm shift to a truly modern perspective that transcends conventional approaches to safeguarding our increasingly interconnected environments. Businesses should focus more intently on becoming resilient through a collective approach, alongside and beyond keeping our individual organizations secure. Visionary cybersecurity leaders should set the long-term strategy with their ecosystem partners and build trust on a personal level by leveraging the potential of trust technologies. Only then will we be able to efficiently build resilient digital societies that can make a difference in a world of change.
[i] Foresight Cybersecurity Threats For 2030 - Update 2024: Executive Summary
[ii] See for example the US National Cybersecurity Strategy 2023, the UK Government Cyber Security Strategy 2022-2030, or the 2023-2026 Australian Cyber Security Strategy.
[iii] The World Economic Forum Digital Trust initiative
[iv] Earning Digital Trust: Decision-Making for Trustworthy Technologies (World Economic Forum)