If you ask most executives why it’s important to invest in cybersecurity, their answers are likely to focus on the defensive benefits. They’ll talk about potential downtime, protecting customers’ privacy, and avoiding bad PR. With massive data breaches bedeviling large companies spanning from Target to Yahoo, it’s hard to blame these executives for viewing cybersecurity purely through a protective lens.
But according to new research from Cisco, this viewpoint may be shortsighted. The report, titled “Cybersecurity As A Growth Advantage,” found that cybersecurity also plays a major role in pushing forward innovation and speeds up the development of digital products.
Joel Barbier was the lead investigator on the project and will be hosting a webinar on its findings later this month (you can register for the event over here). Barbier is is a director in the Cisco Digitization Office and a visiting faculty at the Global Center for Digital Business Transformation at IMD, Lausanne. He and his colleagues decided to launch the study after noticing that Cisco clients were conducting cost-benefit analyses on cybersecurity and coming up short. “We saw a discrepancy between the importance that business executives were placing on cybersecurity and the relatively low economic value that we were finding looking at just the defensive aspects,” he said in an interview. “The economic findings didn’t tie with the importance of cybersecurity ascribed by business executives.”
This meant that there must be other benefits to cybersecurity beyond defense. To test this theory, Barbier and his colleagues surveyed 1,014 senior executives in 10 countries and then followed up with 11 in-depth interviews with senior executives. “We interviewed people to understand further how they viewed cybersecurity and what value they placed in it,” he explained. “And as we started to look at the survey results, a different view began to emerge, and that is that organizations often choose a wait-and-see approach to new products when they don’t think security is good enough. It became obvious to us that in order to compete, organizations needed to take a more proactive approach with security.”
[LIKE THIS ARTICLE SO FAR? GET THE LATEST IT LEADERSHIP NEWS BY SIGNING UP FOR OUR NEWSLETTER OVER HERE]
Of the executives surveyed, 64 percent said they “recognize that cybersecurity is a vital foundation for their digital growth strategies, citing it as a ‘significant’ driver of success for digital products, services, and business models.” What’s more, 71 percent responded that “concerns over cybersecurity are impeding innovation in their organizations” while 40 percent “stated that they had halted mission-critical initiatives due to cybersecurity issues.”
While the researchers could identify seven use cases in which cybersecurity generated defensive benefits, they also found over 400 use cases for how it would drive $7.6 trillion in value over the next decade. As but one example, more and more companies are considering integrating internet of things devices into their product offerings, but only those companies that have comprehensive security measures in place are actually moving forward on these innovations while less secure companies are hesitant to risk exposing customer data. “For example, even though it’s possible to hack a personal vehicle, Tesla has chosen to have an IP platform where they connect their vehicle and track what their vehicles are doing,” said Barbier. “Because they feel secure enough to take risks, they’re taking market share, they’re creating value.”
The study found that a high opportunity-to-risk ratio results in the biggest innovations. “Secure digitizers said they feel prepared to address potential cybersecurity risks in key digital technology areas — analytics, IoT, and cloud computing,” the authors wrote. “As a result, secure digitizers are more confident about incorporating digital technologies into their businesses. This allows them to innovate faster and accelerate time to market.”
Luckily, more and more companies are recognizing these benefits and allocating money toward cybersecurity. “I think as industry standards are established, more and more companies are promoting what they’re doing from a cybersecurity perspective,” said Barbier “They’re essentially more transparent that they’re embedding security through their value chain, and as people become more aware of those value chains, then these companies are able to differentiate themselves.”
In other words, cybersecurity is no longer just a means to avoiding a PR disaster, but rather it’s become a necessity for engendering digital innovations, goodwill, and user loyalty, as well as driving revenue growth. Those companies that refuse to invest in it are doomed to be left behind.