Spending more, getting less? Rethinking cybersecurity can unlock value
Is your organization spending more on cybersecurity these days? Ask yourself this – are you seeing more value from this increased investment, or just another layer of complexity?
Unfortunately, the latter is true of most organizations we spoke to for The EY 2023 Global Cybersecurity Leadership Insights Survey. Just one in five CISOs surveyed said their cybersecurity approach was effective for the challenges of today and tomorrow. Within most organizations, it seems that a higher spend on cyber has done nothing to stem the tide of attacks, which have increased by about 75% over the past five years. Instead, a fragmented, complicated – and expensive – cybersecurity approach is actually exposing organizations to more risks, and slowing down their ability to innovate.
A group we call "Secure Creators" is bucking the trend. Secure Creators have fewer cyber incidents and are quicker at detecting and responding to incidents than their lower-performing counterparts, "Prone Enterprises". They are also more likely to be satisfied with their cybersecurity approach today (51% vs. 36%) and more likely to feel prepared for the threats of tomorrow (53% vs. 41%).
How do they do it? Secure Creators tend to share three features:
Transforming cybersecurity from cost center to value driver
Secure Creators are reaping benefits beyond reduced cyber risks and boosted resilience. When cyber is woven into the very heart of an organizations’ operating model, it transforms the function from a cost center to a value driver, supporting and accelerating innovation across the enterprise.
Recommended by LinkedIn
But making the shift from Prone Enterprise to Secure Creator isn’t easy to achieve, or maintain. Building a proactive, connected, tech-enabled cyber function is tough when attack surfaces are expanding and threats evolving at speed. New technology is expensive to install and maintain, and difficult to integrate with legacy systems. Cyber budgets are under pressure and the right talent is hard to find. Fifty percent of survey respondents said their biggest internal cyber challenge was difficulty balancing security and innovation at speed. This is an alarming finding at a time when innovative transformation is simply critical to keep ahead of competitors. If your cybersecurity function is slowing this down, you need to find a better way.
A Managed Services approach can be a fast pass to the Secure Creators club. Partnering with the right provider gives organizations immediate, cost-effective access to more technology, talent and domain expertise than even the most well-financed company can build inhouse. Instead of endlessly pouring more money into cybersecurity, Managed Services optimizes investment by streamlining processes (through automation and other emerging tech) and injecting deep insight.
When clients bring EY Cybersecurity Managed Services teams in, they tell us they see tangible value straight away – reduced risks, optimize costs, stronger resilience, speed to maturity, faster recovery (and less fallout) from cyber incidents.
But, more importantly, they are also positioned to reap long-term value well into the future. Just as the survey reveals, companies that maximize cybersecurity – Secure Creators – are more likely to achieve broader business goals. A connected, whole-of-enterprise cyber approach, continually finds ways to enhance operational performance. A confident cyber culture accelerates innovation. Greater digital integrity builds a trusted reputation. Agile cyber operations create a business ready for anything. And, perhaps most importantly, when EY Managed Services teams lift the burden of cybersecurity risks, leaders have the time (and capital) to focus on growing the core business. How faster could your business transform when cybersecurity is a strategic enabler? For a discussion on a Cybersecurity Managed Services solution that meets your needs, please get in touch or leave a comment below.
The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.
EY Cybersecurity CTO [Americas and Global] - Principal/Partner - Driving business value at the intersection of cyber and emerging technology; Advocate and supporter of Mission of Hope
1yVery insightful Krishna! I love how Secure Creators are flipping the proverbial script on security as a cost center - driving better ROI and lower risk (at the seams of complexity) through a pivot to simplification and (when appropriate) managed services. Keep this content coming!
CRO | Rain Maker | Cybersecurity | Cloud | Telco | Forbes Technology Council | MIT Sloan Alumnus | GSIs/Alliances/Channel | Start-Up | AI | IoT| SaaS | ZeroTrust l SASE | Platforms | Mentor/Advisor |
1yGreat stuff Krishna Balakrishnan (BKP) 🎉