Gone are the days when cybersecurity in projects was an afterthought. Project managers should ensure that appropriate measures are taken to protect the confidentiality, integrity, and availability of the project information and systems.

Mentioned below are the top 4 “must do” for Project Managers:

1. Incorporating cybersecurity into the entire project lifecycle: Irrespective of the project approach you follow, cybersecurity should be considered throughout the project lifecycle, from the initiation all the way to the closeout. This may involve ensuring that appropriate cybersecurity measures are in place before, during and after project assets and data are used, while also securing any changes to the project systems or data. Introduction of cybersecurity to the project later will introduce chaotic, unmanageable and costly changes.

2. Identifying and assessing the cybersecurity risks: As part of the risk management process, project managers must identify and assess any potential cybersecurity risks to the project. This may include identifying vulnerabilities in the project systems and assessing the likelihood and impact of potential cyber threats. It is vital to engage industry cybersecurity expertise to conduct a thorough and methodic risk assessment. Assessment activities such as threat modeling, vulnerability assessment are critical in identifying the cyber risks.

3. Developing a cybersecurity plan: After running the risk assessment, project managers must then develop a plan to address the identified cybersecurity risks. This may include implementing appropriate controls and measures, such as encryption and access controls.

4. Managing third-party cybersecurity risks: It is rarely the case that a project does not involve the use of third-party vendors or service providers. The project managers therefor must ensure that these parties have at least equal to own appropriate cybersecurity measures in place to protect project assets and data. All the protection efforts that a project manager may employ can be rendered useless if the project data accessed by the third-party is not protected equally rigidly.

Overall, the goal of incorporating cybersecurity into project management is to ensure to minimize the risk of cyber threats that can disrupt the project. The earlier it is done, the less cost variance and the less risk of project failure. A cyber enabled project manager with knowledge and understanding in this area will add significant value to any project.