Secure by Design: Closing the Gaps in Digital Transformation

The global BDO network hosted a webinar entitled “Secure by Design: Closing the Gaps in Digital Transformation”, focusing on integrating cybersecurity into digital transformation initiatives and managing generative AI risks.

In partnership with BDO and the international market analytics provider IDC (International Data Corporation), practical insights into the current state of security and digital transformation were gathered.

The speakers, representatives from the BDO network, were Wayne Anderson (Managing Director, Cybersecurity, BDO USA), Brad Storan (Head of Offensive Security & DFIR, BDO UK) and Jason Gottschalk (Partner, Cybersecurity, BDO UK). They shared their conclusions on business readiness for cyber threats, discussed current challenges in implementing artificial intelligence (AI), and presented practical strategies for improving cyber resilience.

IDC Survey coverage and methodology
The IDC survey covered seven countries — Canada, the United States, the United Kingdom, Australia, Germany, the Netherlands and Belgium — and included representatives from 15 industries, with organisations ranging in size from 100 to more than 5,000 employees. The study surveyed 411 respondents, all having responsibility for or influence over cybersecurity within their organisations, ensuring a high level of representativeness and strong practical value of the results.

What IDC’s cyber readiness study revealed
The focus is on IDC’s white paper Cybersecurity Readiness and the Age of Digital Transformation (July 2025), based on a survey of 411 respondents across seven countries and multiple industries. Among the most notable findings are:
  • Only 40% of organisations integrate cybersecurity at the digital transformation planning stage, which often leads to delays and disruptions during implementation.
  • At the same time, 31% of companies have already implemented GenAI usage policies, indicating that the pace of innovation is outpacing effective risk management.
  • Of the 81% of organisations that rate their cybersecurity budgets as adequate or better, only 26% feel very confident in their readiness for cyber threats.
  • These organisations report more than five incidents per year, emphasising that the decisive factor is not the level of spending, but the degree of operational readiness.

Generative AI: shadow use and attack modelling
The speakers highlighted the key risks of GenAI and introduced two important concepts — Shadow AI and AI Red Teaming — which are especially relevant for organisations today. Shadow AI refers to the use of AI tools and models without formal approval, proper management, or adequate controls. While it may boost productivity, it also creates significant security and compliance risks.

At the same time, AI Red Teaming is viewed as an effective way to address these challenges. By testing and modelling malicious scenarios, organisations can identify vulnerabilities in AI systems and enhance the security of their implementation.

As an example of this trend, research from early 2024 shows that 78% of users bring their own AI tools into their work processes.
  • 31% of organisations have already implemented policies governing employee use of GenAI.
  • According to the survey, 77% of organisations are concerned about the risk of prompt injection, with an additional 11% being very concerned.
  • For GenAI solutions, it is crucial to implement AI Red Teaming and testing practices, such as the OWASP Top 10 for LLMs.

Infographic about security issues when implementing artificial intelligence (AI) in organisations: 80%+ of managers consider confidential data leaks to be the main threat; 78% of employees use shadow AI (BYOAI) at work; 77% of companies are concerned about new vulnerabilities and attacks, including prompt injection; 55% of executives do not fully understand AI regulations and need compliance recommendations. Data from ISMG, Microsoft, LinkedIn, and Gartner research.
 
Practical steps to turn spending into real readiness
  1. Threat-led investment approach: Focus your budget on the most critical threats and align spending with your organisation’s business priorities.
  2. Invest in incident readiness: Invest in 24/7 monitoring, automated threat detection, endpoint protection, and response playbooks.
  3. Consolidate the tech stack: Integrate tools with overlapping functions to achieve unified visibility and reduce complexity.
  4. Build strategic capabilities in-house: Strengthen governance, risk modelling, and staff awareness programmes, with a particular focus on GenAI risks.
  5. Test, track, improve: Model APT attacks, track metrics (detection rate, patching rate, training effectiveness) — not just the number of incidents.

Infographic ‘Strategies for Smart Cybersecurity Budget Allocation’: 5 Key Steps — 1) Investing with current cyber threats and business priorities in mind; 2) improving incident readiness through 24/7 monitoring and automated detection; 3) consolidating technology solutions for unified visibility and reduced complexity; 4) developing strategic capabilities and managing risks, including AI risks; 5) testing, tracking KPIs, and continuously improving protection.
 
The most popular risk minimisation strategies
The most common practices organisations use to mitigate risks associated with artificial intelligence include employee training (49%), the implementation of specialised AI-specific security solutions (46%) and strengthening data access controls (41%). At the same time, only 31% of organisations have formalised usage policies, highlighting the urgent need to close gaps in AI governance and usage policies.
 
Infographic on cybersecurity and AI management priorities in companies: 49% — employee security training; 46% — implementation of special AI security solutions; 41% — strengthening data access control; 31% — development of AI usage policies.

Challenges on the path to sustainability
Organisations — particularly medium-sized and large enterprises — continue to face fundamental security challenges. These gaps persist despite adequate budgets and board-level oversight, highlighting a disconnect between strategy and implementation.
  • Third-party risk management
  • Vulnerability remediation
  • Secure by design

Infographic with key areas of cyber protection and AI security: third-party risk management, vulnerability elimination and continuous vulnerability management, as well as security by design. 

Fundamentals of modern sustainability
  • Continuously assess risks and pre-plan response and decision-making mechanisms for “all hazards” scenarios.
  • Engineer business processes to eliminate single points of failure by introducing redundancies and backups.
  • Architect any cloud system for low-cost built-in redundancy and disaster recovery capabilities.
  • Regularly review critical processes through routine exercises and audits to highlight changing threats and market conditions.

Infographic with recommendations for improving business cyber resilience: continuous risk assessment and incident response planning; development of business processes with redundancy and backup to eliminate single points of failure; creation of a reliable cloud system with backup and disaster recovery capabilities; regularly checking critical processes against standard rules to identify new threats and changes in market conditions.
 
Experts of BDO in Ukraine emphasise that the effective and secure implementation of artificial intelligence requires a systematic approach combining risk management, mature corporate governance, continuous monitoring, and the development of cyber resilience. AI presents significant business opportunities only when security is integrated into strategy, processes, and corporate culture. This approach transforms cybersecurity from a reactive function into a strategic tool that supports long-term growth and builds trust.

BDO in Ukraine recommends:
  • Implement a comprehensive approach to cybersecurity that focuses on the most critical business threats.
  • Ensure transparency across supply chains and properly assess third-party risks.
  • Invest in employee training and modern security tools, including AI solutions.
  • Regularly update security policies and test their effectiveness.

For more information on cybersecurity measures and recommendations, contact the team of BDO in Ukraine for a consultation.

Key Findings:

  • Cybersecurity lags behind digital transformation: only 40% of companies integrate security at the change planning stage, creating additional risks when scaling GenAI.
  • Budget ≠ operational readiness: although 81% of organisations rate their funding as sufficient, only 26% are confident in their resilience to cyber threats.
  • Shadow AI is a growing uncontrolled risk: employees actively use tools and LLMs without formal policies and oversight, increasing the likelihood of data leaks and compliance violations.
  • LLM risks require new approaches: 77% of organisations are concerned about prompt injection, reinforcing the need for AI Red Teaming and OWASP-standard testing for LLMs.
  • Secure by Design — the foundation of resilience: effective third-party risk management and continuous monitoring are critical for secure digital transformation.

Key Contact

Andrii Borenkov, CFA

Partner, Head of Advisory