Cybersecurity teams are making significant contributions to business growth, with a median value of $36 million generated per enterprise initiative in which they participate. Despite this clear impact, cybersecurity budgets have recently declined, falling from 1.1% to 0.6% of annual revenue over the past two years. This sharp decrease suggests that many organizations still do not fully recognize the value cybersecurity can create, viewing it primarily as a risk-mitigation measure rather than a driver of growth. In fact, only 13% of Chief Information Security Officers (CISOs) are brought in early enough to influence urgent strategic business decisions, while 58% of security leaders continue to struggle to demonstrate value beyond basic risk reduction.
Nevertheless, security teams demonstrably generate substantial business value, contributing 11% to 20% of the total value of strategic initiatives. This impact varies significantly depending on company size, ranging from a median of $11 million per project for smaller large firms to $154 million for very large global companies. A recent study by Ernst & Young identified a subgroup of CISOs known as “Secure Creators” who are engaged early and deeply in projects. These security leaders play a crucial role in implementing artificial intelligence (AI) and new technologies securely, providing their organizations with a competitive edge and enhancing external brand perception. Their efforts also ensure secure data transfers across systems and processes.
The early involvement of CISOs in strategic initiatives is essential for embedding security into business planning from the outset. This proactive engagement not only mitigates risk but also accelerates the adoption of new technologies and builds greater trust with consumers. As AI adoption grows rapidly, it presents a unique opportunity for CISOs to expand their influence to an executive level. Currently, only 43% of cybersecurity functions are meaningfully supporting AI adoption. To fully capitalize on this opportunity, security leaders should focus on simplifying AI deployment, optimizing legacy technology tools, and reducing the overall complexity of cybersecurity solutions. Doing so will ensure that AI tools are deployed quickly and securely, positioning CISOs as essential strategic partners in the organization’s AI initiatives.
The Ernst & Young study was extensive, surveying 550 C-suite and cybersecurity leaders from 16 industry sectors across 19 countries, including the Americas, Asia-Pacific, Europe, the Middle East, India, and Africa (EMEIA). This broad geographic scope and industry coverage provide valuable global insights. The findings highlight a significant trend: many companies still undervalue the strategic business role of cybersecurity, an oversight that urgently needs to be addressed.
Reference:
