By Deepti Gaiki, Director, Information Security, Avalara
Many businesses think security is about defense with strong passwords and encryption. But these
businesses are thinking about it too narrowly. The truth is, security is about strong offense as well. The
companies that truly understand this are not waiting around for an audit or a major breach to take
action, especially when the average cost of a data breach reached $3.3 million as of November 2024,
with 42% linked to cloud-related threats. Leading businesses are planning to weave security into the very
code that powers their compliance systems, customer data flows, and global infrastructure.
Move towards technology
All industries are accelerating toward a high-tech future, powered by AI-led systems, interconnected
APIs and automation. These systems are also increasingly relied upon for real-time decision making, and
those decisions are affecting businesses’ legal, financial, and regulatory compliance. For example, in
cross-border transactions, a single sale can mean entirely different tax treatments. It depends on where
it happens, when it’s processed, how the product is classified, or whether exemptions apply. At that
moment, the tax automation software is not just calculating tax; it’s interpreting laws, applying
jurisdiction-specific rules, and producing outcomes that could later face audits, disputes, or compliance
checks.
This shift means that agility alone is not enough. Systems must be architected so that their decision logic
is secure, traceable, and defensible from the start. This requires a secure-by-design approach, in which
AI models, regulatory rules, and data safeguards are built in as foundational layers. Done
correctly, this not only creates a barrier against outside attack but also guarantees that automated
decisions can be verified, trusted, and upheld through the scrutiny of external reviews. Service providers
that offer such systems as part of a larger resilience framework protect revenues and build brand trust.
In addition, by continuously deploying new features and security enhancements directly to users, they
ensure compliance remains strong in the face of change.
Technical debt creates vulnerabilities
Be it a legacy filing system or disconnected audit history, systems that once offered confidence can
become modern-day vulnerabilities. This often happens when organisations make the wrong choice by
opting for temporary solutions instead of durable, well-planned ones, leading to unseen costs of
technical debt that make systems less maintainable. No surprise then that 70% of technology leaders
see technical debt as the single biggest drag on innovation and productivity. A more strategic path is to
treat modernisation as an investment in both efficiency and compliance readiness. This means
evaluating needs, strengths, and budgets across key areas. Additionally, investing in software that
incorporates automation, regulatory intelligence, and scalability at its core is beneficial.
Road to a Secure Future
The next frontier is technology that anticipates risks, adapts in real-time, and infuses trust by design.
Businesses that actually succeed will be those that embed security within their processes. Organisations
that genuinely engage in automated testing and ongoing monitoring will prevail, as they represent a
culture where development, compliance, and security are a singular concept. Using modernisation as an
opportunity and not just a reaction to circumstances will reduce long-term risk, allowing for future sustainable growth.