Cybersecurity: More Than Just a Cost

hacker
  • A new EY study reveals that cybersecurity can drive business growth and innovation, yet many companies are cutting budgets and sidelining their CISO.

A recent global study by EY, which surveyed 550 executives and Chief Information Security Officers (CISOs), reveals a significant disconnect in corporate priorities. Cybersecurity, despite its potential to generate substantial financial savings, is often overlooked in key business decisions. The report suggests that when approached correctly, data protection can become a powerful catalyst for growth and innovation, rather than being seen as a necessary cost. Many companies are missing out on this potential by not fully integrating cybersecurity leaders into their strategic planning.

The study indicates that effective IT security measures can add a remarkable 11-20% in value to corporate projects. This can translate into millions of dollars in profit. In spite of these potential gains, the research found that most companies have actually reduced their cybersecurity budgets. Over a two-year period, the average cybersecurity budget as a percentage of annual revenue fell from 1.1% to 0.6%. This trend highlights a fundamental misunderstanding of cybersecurity’s value beyond simple risk mitigation.

The CISO’s Role in Business Strategy

A critical finding from the survey is that only 10% of CISOs are involved in the early stages of strategic decision-making. The report highlights that organizations that do include their CISOs in these discussions create demonstrably more business value. These companies experience fewer security incidents, and they also benefit from a more positive brand perception. They are better positioned to enhance the customer experience and are leaders in implementing artificial intelligence.

The research suggests that cybersecurity should transcend its traditional role as a mere technical support function. It needs to be an integral component of a company’s overall business strategy. This integration often requires collaboration with external consultants who can offer both technological and business perspectives. Such partnerships can ensure that a company’s security investments are not only mitigating risks but also supporting long-term financial objectives.

Simplifying Tools and Adopting AI

The study reveals that companies currently use an average of 35 different cybersecurity tools, with some organizations using over 50. This complexity leads to inefficiency and increased costs. Many organizations are now working to simplify their technology stacks to address this issue. Over the past two years, 20% of companies have already streamlined their security tools, and four out of ten are actively working on it.

Automated, AI-based solutions have proven to be particularly effective in this regard. These technologies have, on average, accelerated the detection and remediation of threats by 25%. Such solutions have also resulted in significant cost savings, with companies reporting an average annual saving of $1.7 million. This shift toward automation and AI is a clear sign that organizations are seeking more efficient ways to manage their security posture.

Interesting Fact: The Cost of a Data Breach

According to a 2024 IBM report, the average cost of a data breach has reached an all-time high of $5.4 million globally. This figure highlights the substantial financial risk that companies face when they underinvest in cybersecurity. The report also found that companies that fully deployed security AI and automation experienced significantly lower breach costs, reinforcing EY’s findings.

Read more..

passkey

Microsoft Ends Authenticator Password Autofill

IBM

The AI Security Gap

Aeroflot

Aeroflot Cyberattack Disrupts Russian Air Travel

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.