Cybersecurity teams significantly boost business growth. They contribute a median value of $36 million. This is per enterprise initiative they are involved in. Despite this, cybersecurity budgets have recently declined. Budgets fell from 1.1% to 0.6% of annual revenue. This sharp decrease occurred over the past two years. This suggests a common perception issue among firms. Many organizations do not yet recognize this value. Investing in cybersecurity is a value-creating opportunity. Only 13% of CISOs are consulted early enough. This applies to urgent strategic business decisions. 58% struggle to show value beyond just risk mitigation.
Security teams demonstrably create substantial business value.
Cybersecurity functions account for considerable generated value. They produce 11% to 20% of an initiative’s total value. This monetary value varies greatly by company size. It’s a median of $11m per project for smaller large firms. This figure reaches $154m for very large global companies. Ernst & Young researchers identified a subgroup. They are known as “Secure Creators.” These CISOs are involved earlier and much deeper. They help implement AI and new technologies securely. This provides a clear competitive market advantage. They also positively impact external brand perception.
Secure data transfers are ensured by their efforts.
Early CISO involvement in strategic initiatives is key. It embeds security into business planning from the ground up. It also adds value by increasing adoption speed. This vital involvement builds greater trust with consumers. The rapid adoption of AI presents an opportunity. CISOs can expand their role to an executive level. Currently, only 43% of cyber functions meaningfully help adopt AI. Cybersecurity leaders should focus on simplifying AI’s rollout. They can optimize existing legacy technology tools. Simplifying cybersecurity tools also helps reduce overall costs. This ensures quick, secure deployment of new AI tools. CISOs can then become strategic AI partners.
The Ernst & Young study was quite comprehensive. It surveyed 550 C-suite and cybersecurity leaders globally. These leaders came from a variety of backgrounds. The extensive survey covered 16 different industry sectors. It also spanned a total of 19 countries worldwide. The geographic regions included the Americas. Asia-Pacific was also a key part of the study. Europe, the Middle East, India, and Africa (EMEIA) were covered too. This wide scope provides valuable global insights. The findings highlight a significant global trend. Cybersecurity’s strategic business role is often greatly undervalued by companies. This perception urgently needs to change.
Reference:
