How cyber secure organizations create value

In early 2023, the global EY organization surveyed 500 C-suite and cybersecurity leaders across 19 different sectors and 25 countries to better understand how companies are approaching their organization’s cybersecurity to prepare for the cybersecurity threats of today and tomorrow. This LinkedIn blog series explores the key themes and trends emerging from the EY 2023 Global Cybersecurity Leadership Insights Study, and identifies what the most successful firms, whom we call “Secure Creators”, do differently.? This article, the last in the series, explores how cyber security drives value within the organization.

Cybersecurity is not just about asset protection. Done well, it can support and accelerate innovation and value creation across the enterprise. From our EY clients, we have seen the best organizations have cyber weaved into the fabric of the firm. Making cyber integral to every part of the organization and operating model shifts the function from an inhibitor to a value driver.

Secure Creators are much more likely to say their cyber approach positively impacts the organization’s pace of transformation and innovation (56% vs. 25% of CISOs from Prone Enterprises), ability to rapidly respond to market opportunities (58% vs. 29%) and ability to focus on creating value rather than protecting value (63% vs. 42%). Value creation can take many forms. Cyber-secure organizations win greater trust from customers and suppliers who will be more confident transacting with them. Re-designing technology architectures can improve communication, collaboration and workforce productivity and improve spend efficiency.

For example, heightened security risks led?one retail giant?to pursue a cyber reform initiative that enhanced value beyond reduced vulnerability, important though that is. This included more efficient technology spending, the removal of obsolete and redundant tools, optimized manpower and refined roles and responsibilities, more efficient collaboration, and strengthened trust in its over one-billion-strong customer base.??

The study shows Prone Enterprises are more likely to struggle with balancing security and the speed required to innovate (55% vs. 42% of Secure Creators), revealing a further example of how cyber effectiveness is a platform for value and innovation and its absence, a hindrance. Ecosystems have become a fundamental business strategy to create value, whether that is through multiple brands, wholly owned or majority owned subsidiaries, partnerships or joint ventures.

To fully leverage the benefits of ecosystems, cybersecurity needs to be embedded from the start. CISOs need to ensure that cybersecurity criteria are included when evaluating potential partners by standardizing tech integration protocols. They also need to communicate effectively with business decision-makers to appropriately manage the risk that comes with expansion. An acquisition, for instance, may bring cyber risks but if the figures are dwarfed by the opportunity, it becomes a business risk decision like any other and need not necessarily mean abandoning a pursuit. Companies need to live with a “reasonable” level of risk.

For years, cyber security was a technical department called on when an organization faced a breach or compliance risk. Today, it is woven into the fabric of everything a company is and does. That contribution leads not just to a more secure environment but can build trust, win market share and create new products and service opportunities. ?Cyber leaders should take the opportunity to articulate their purpose and value to the organization. A secure foundation allows firms to innovate, move quickly to seize opportunities, and differentiate themselves in often competitive and crowded markets.?

Thanks for reading. Over this four-part LinkedIn series, we’ve uncovered the main challenges facing organizations in a cyber-insecure period and found the key behaviors and approaches that differentiate the best from the rest according to our survey. What do Secure Creators do differently?

?

• Simplify and rationalize the technology stack, and gain mastery over the attack surface, by harnessing automation, advanced data analytics, and orchestration.
• Communicate effectively across all tiers of the business, creating understandable narratives for the C-suite and embedding best practices throughout the workforce.
• Connecting cyber security to value creation, growth and innovation, as a means to build trust, strengthen brand equity and reform the technology stack overall, bringing operational benefits like improved collaboration, better governed supply chains, and optimized user experience for staff and customers alike.

?

The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.

?