There’s no question that CFOs are increasing spending on cybersecurity. While many are doing so in an effort to protect against threats, others also see cybersecurity investment as an opportunity to innovate.
As such, spending on cybersecurity becomes more than about using dollars to protect the business and “avoid loss.” It also becomes about addressing risk and innovation – thus enabling growth - within an organization.
When asked how much they expected their company’s cybersecurity spending to change in the next 12 months, 41 percent of the CFOs recently surveyed by Cisco said they expect it to increase “significantly.” Another 46 percent said they expect it to increase “somewhat." When asked how much the availability of business benefit metrics would affect their decision to invest in cybersecurity, 38 percent of CFOs said they would be “much more likely to invest.” Another 43 percent said they would be “somewhat more likely to invest.”
Going digital clearly fuels business opportunities within the private sector by connecting people, processes, data and things. But it also increases vulnerability to cyberattacks. Successful hacks disrupt business, erode consumer confidence and impact an organization’s reputation.
The Ponemon Institute’s 2014 Cost of Data Breach Study: United States puts the average cost for each lost or stolen record at $201, and the total average 2014 cost paid by organizations at $5.9 million for each data breach, up from $5.4 million in 2013. The surging costs are attributable to the “loss of customers following the data breach due to the additional expense required to preserve the organization’s brand and reputation.”
Steve Durbin, managing director of the Information and Security Forum, points out that while organizations can make sure systems are hardened and back up and running, that “trying to manage a reputation in the course of public opinion is tremendously difficult.”
There is growing evidence that digital-focused cybersecurity innovations and strategies can both neutralize the time and intelligence advantages hackers develop. Through digitization, organizations can also create significant business advantage for operational responsiveness, adaptability and learning, customer experience and loyalty, risk mitigation and overall competitiveness.
The CFO of a major airline recently shared his thoughts on the shift in perception about cybersecurity.
“Cybersecurity is really what makes your business model operational. Without that cybersecurity level you’re still in beta as a company,” “Cybersecurity is really what makes your business model operational. Without that cybersecurity level you’re still in beta as a company,” he said. “You need that operational layer that’s no longer mandatory. It’s no longer defensive. It’s part of your core business.”
In his opinion, cybersecurity going forward can help a company actually drive innovation.
“When they’re designing their business model around these operational elements they’re allowed to be more innovative and they’re allowed to be more agile…” he said. “Cybersecurity can represent a key competitive advantage in the market when you think of it as an enabler for unlocking technology and helping a company be more nimble.”
Cybersecurity as baseline
Financial executives are getting increasing pressure to not just escalate market share, but to do so in a trustworthy manner.
“More companies are reaching out to their third party providers, vendors and customers electronically, so going forward they are expected to have much more focus on a robust security strategy and the right security solutions,” Durbin said. “So now cyberinsurance is more being viewed as part of the intrinsic baseline of an organization expecting to go on a growth trajectory.”
Traditionally, he continues, cybersecurity has been viewed as how strong is a company’s perimeter, how can we keep people out?
“But when it comes down to growth, financial executives see they have to invest in a certain amount to fit the purpose of both today and tomorrow,” Durbin added. “To operate effectively in cyberspace, organizations are now required to have robust cybersecurity processes in place, be able to demonstrate them to investors, consumers and customers and regulate them when it’s appropriate.”
Indeed, nearly one-third of CFOs recently surveyed by Cisco said “enabling business growth” was a major consideration when considering their level of cybersecurity investment.
It’s clear that cybersecurity is no longer just a matter for an organization’s IT department.
“Too often cybersecurity is a matter that gets relegated to the IT department,” the airline CFO said. “This is something that needs to be owned across the entire organization.”