The Business Value of Cybersecurity

Jean-Christophe Gaillard Jean-Christophe Gaillard
September 13, 2019 Future of Work

Tangible business metrics are key but hard to find

Cybersecurity is rising as a key issue on the radar of virtually all organisations. According to a recent AT Kearney report, cyber-attacks have been topping executives’ lists of business risks for three straight years. This concern is also driven by security and privacy becoming increasingly valued by customers, and by regulators stepping into the topic (GDPR in Europe, California Consumer Privacy Act of 2018).

The Business Value of Cybersecurity

Beyond this, it is now becoming crystal clear that cybersecurity – beyond good practice and good ethics – is quite simply good business. As a recent Cisco study made clear, cybersecurity will help fuel (and protect) an estimated $5.3trillion in private sector digital Value at Stake in the next 10 years. This is the kind of numbers boards cannot afford to overlook.

Tangible estimates like this one, however, are painfully rare in the cyber security space. Indeed, concepts relating to cybersecurity are both multi-facetted and very elusive – making them notoriously hard to measure. Furthermore, good cybersecurity is defined by the absence of breaches or losses. Observing what is not happening is a challenging – if interesting – endeavour.

A stringent example of this measurement problem can be found in a recent BCG research on Total Societal Impact. To their credit, cybersecurity is mentioned fairly extensively throughout the report as a key component of a firms’ ESG (Environmental, Social & Governance) strategy – although not consistently across industry sectors.

The issue arises when it comes to quantifying that intuition. The BCG for example reports finding a significant link between “Securing business and personal data” and a firm’s valuation. Looking into the appendix of the report, the problem lies in the fact that this concept seems to be operationalized through a series of somewhat vague dummy (0/1) variables. Examples of such metrics include whether “measures to ensure customer security” have been taken, or whether an information security management system has been implemented.

This is not only overly-simplistic – hiding key nuances in levels of cybersecurity maturity across firms – but it also encourages “tick-in-the-box” approaches to cybersecurity which have plagued the field for ages. Tellingly, no quantitative results are actually presented for cybersecurity in the report.

This lack of details around the quantification of the tangible value of following cybersecurity best practices is a problem. In fact, we believe it is an important reason why the issue is still shifting in and out of most boards’ radars. Gut feeling alone does not make for a strong-enough case: Top executives are increasingly asking “Show me the data”.

Beyond the fact that measuring success in the cybersecurity is very hard, another issue is the stringent lack of meaningful data.

This is a really big problem in the field of cyber insurance, for example, which struggles to fit its traditional actuarial models around the scarce data they can get a hold of. The reason for that is quite simple: most organizations are still very reluctant to share what they perceive as highly sensitive cybersecurity data (assuming they even have them to start with).

We also talked about this problem in the context of training defensive AI for cybersecurity, but this scarcity of reliable InfoSec data hinders generally much-needed research and results.

Being able to show key stakeholders in business terms what exactly is the tangible value-added of cybersecurity will be key in finally anchoring the topic at the right level of organizations.

Money – and data ­– talk. And boards usually listen. But we’re not there yet and cybersecurity looks definitely like a promising path for data-driven research.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

  • Jean-Christophe Gaillard

    Tags
    Businessbusiness metricsBusiness ValueCyber InsuranceCybersecurity
    Leave a Comment
    Next Post
    Four challenges to AI adoption and their solutions

    Four challenges to AI adoption and their solutions

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in Future of Work
    Future of Work
    Where Will, the Future of Work, Take Place? (Office, Remote, or Hybrid)

    Changes in machine learning and advances in automation have already changed work for many industries. Still, the COVID-19 pandemic and recent labor shortages forced many brands to rethink what the future of work will look like going forward. The U.S. Bureau of Labor Statistics recently reported a dropping unemployment rate of 4.2% during the fourth

    4 MINUTES READ Continue Reading »
    Future of Work
    7 Tech Companies Changing the Future of Work

    Much has been reported about the impact of the COVID-19 pandemic in the traditional workplace. The effects of the pandemic are expected to be long-lasting, making it challenging for companies across all industries to keep operations running smoothly. Globally, companies had to be agile and adapt to a new normal, in addition to dealing with

    5 MINUTES READ Continue Reading »
    AI & Machine Learning,Future of Work
    AI’s Role in the Future of Work

    Artificial intelligence is shaping the future of work around the world in virtually every field. The role AI will play in employment in the years ahead is dynamic and collaborative. Rather than eliminating jobs altogether, AI will augment the capabilities and resources of employees and businesses, allowing them to do more with less. In more

    5 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2023, Experfy Inc. All rights reserved.