Unit 1
Collaborative discussion post
Read Doroiman, M. M. and Sîrghi, N. (2024) and then post a message that reflects your thoughts and responses to the questions below. You should support your arguments with appropriate academic references.
In your responses, consider the following questions:
- What do you consider as a fully digital enterprise?
- What are the cyber security challenges/concerns with a fully digital enterprise?
- What are the cyber security challenges for a bricks and mortar SME wanting to become a digital enterprise?
A fully digital enterprise takes advantage of the modern technological landscape by incorporating digital technologies into all aspects of its operations. Such enterprises employ big data analysis, cloud infrastructure, artificial intelligence, digital automation and other technologies in their day-to-day operations. Embracing digital technology is essential for organisational growth, but also presents new challenges (Schreckling and Steiger, 2017; Doroiman and Sîrghi, 2024).
Digital enterprises rely on modern technology in their operations, which makes cybersecurity a critical factor in their success. Any interruption or data breach can have devastating consequences. Their digital nature creates a large attack surface with APIs, third-party integrations, and both client and employee access points as potential targets. Personal data must be handled in accordance with regulations like GDPR, and violations can lead to legal action (European Commission, no date), reputational damage, and loss of trust (Fox, Lynn and Rosati, 2022). Reliance on external vendors for cloud-based infrastructure and services increases this risk, making enterprises dependent on their vendors’ security practices and uninterrupted operation. The adoption of emerging technologies such as artificial intelligence for customer service or data analysis adds new attack vectors such as prompt injections (Palo Alto Networks, no date).
Generally, for a digital enterprise, cybersecurity is a moving target that requires constant monitoring of emerging threats and countermeasures, along with employee training to strengthen the organisation’s cybersecurity culture: “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies” (European Union Agency for Network and Information Security, 2017).
These risks are amplified for brick-and-mortar enterprises undergoing a digital transformation. Adding a digital layer to existing operations introduces new attack vectors and requires management and staff to understand core cybersecurity principles and build the enterprise’s cybersecurity culture. Common challenges may include gaps in employee awareness, poor handling of sensitive information, weak vetting of contractors, and the absence of effective incident response plans.
The 2013 Target breach, which exposed millions of customer records, began with the compromise of a third‑party contractor’s system and was exacerbated by ignored security alerts (United States Senate Committee on Commerce, Science, and Transportation, 2014; Jones, 2025). Similarly, the 2017 Equifax breach, caused by an unpatched software vulnerability, was worsened by expired monitoring tools and delayed public disclosure. In both cases, shortcomings in security culture and oversight contributed to severe financial and reputational damage (Fruhlinger, 2020).
These cases illustrate how the challenges of adopting digital technology in an existing enterprise can lead to serious damage. At the core is often a limited understanding of digital technologies, their risks, and how to manage them effectively. Appropriate training and awareness are therefore essential to any successful digital transformation.
References
Doroiman, M.M. and Sîrghi, N. (2024) ‘The digital enterprise landscape: how DESI metrics shape economic growth in the EU’, Oradea Journal of Business and Economics, 9(2), pp. 36–46. Available at: https://doi.org/10.47535/1991ojbe194.
European Commission (no date) What if my company/organisation fails to comply with the data protection rules? Available at: https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/enforcement-and-sanctions/sanctions/what-if-my-companyorganisation-fails-comply-data-protection-rules_en (Accessed: 4 August 2025).
European Union Agency for Network and Information Security (2017) Cyber security culture in organisations. Luxembourg: Publications Office. Available at: https://data.europa.eu/doi/10.2824/10543 (Accessed: 4 August 2025).
Fox, G., Lynn, T. and Rosati, P. (2022) ‘Enhancing consumer perceptions of privacy and trust: a GDPR label perspective’, Information Technology & People, 35(8), pp. 181–204. Available at: https://doi.org/10.1108/ITP-09-2021-0706.
Fruhlinger, J. (2020) ‘Equifax data breach FAQ: What happened, who was affected, what was the impact?’, CSO Online, 12 February. Available at: https://www.csoonline.com/article/567833/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html (Accessed: 3 August 2025).
Jones, C. (2025) ‘Warnings (& Lessons) of the 2013 Target Data Breach’, Red River, 1 July. Available at: https://redriver.com/security/target-data-breach (Accessed: 3 August 2025).
Palo Alto Networks (no date) What Is a Prompt Injection Attack?, Palo Alto Networks. Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-a-prompt-injection-attack (Accessed: 4 August 2025).
Schreckling, E. and Steiger, C. (2017) ‘Digitalize or Drown’, in G. Oswald and M. Kleinemeier (eds) Shaping the Digital Enterprise. Cham: Springer International Publishing, pp. 3–27. Available at: https://doi.org/10.1007/978-3-319-40967-2_1.
United States Senate Committee on Commerce, Science, and Transportation (2014) ‘A “Kill Chain” Analysis of the 2013 Target Data Breach’. Available at: https://www.commerce.senate.gov/services/files/24d3c229-4f2f-405d-b8db-a3a67f183883 (Accessed: 4 August 2025).