Evaluation of Information Security Practices in the Context of Digital Transformation
Sergei Beliachkov *
Platform Cybersecurity Center, JSC Sberbank-Technologies, Moscow, Russia.
*Author to whom correspondence should be addressed.
Abstract
Digital transformation is accelerating the adoption of cloud platforms, data-intensive services and IoT ecosystems, reshaping the attack surface organisations must defend. This study provides an integrated assessment of information-security maturity in that context. Using a multi-method design—systematic literature review, cross-sector case studies, comparative analysis of leading maturity frameworks (NIST CSF, COBIT, CMMI, CMAF), and an expert survey—we gauge how well current controls, processes, and cultures align with emerging risks. Quantitative benchmarking indicates that enterprises operating at maturity levels 4–5 experience ≈50 % fewer major breaches than peers at levels 1–3, yet fewer than one-third routinely rehearse cloud- and IoT-oriented attack scenarios, exposing a persistent threat–readiness gap. To bridge this gap, the paper proposes an adaptive governance model that couples zero-trust principles and ML-driven analytics with continuous risk appraisal and culture-centric interventions. The findings show security leaders and policymakers where to prioritise investment, emphasising that sustained digital growth depends on embedding cybersecurity maturity as a core metric of organisational resilience.
Keywords: Digital transformation, cybersecurity maturity, information-security governance, risk management, organisational resilience, cloud security, IoT threats