{"id":1949,"date":"2019-09-13T02:59:03","date_gmt":"2019-09-13T02:59:03","guid":{"rendered":"http:\/\/kusuaks7\/?p=1554"},"modified":"2024-04-15T14:52:32","modified_gmt":"2024-04-15T14:52:32","slug":"the-business-value-of-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/future-of-work\/the-business-value-of-cybersecurity\/","title":{"rendered":"The Business Value of Cybersecurity"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Tangible business metrics are key but hard to find<\/h2>\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tCybersecurity is rising as a key issue on the radar of virtually all organisations. According to a recent AT Kearney report<\/a>, cyber-attacks have been topping executives\u2019 lists of business risks for three straight years. This concern is also driven by security and privacy becoming increasingly valued by customers, and by regulators stepping into the topic (GDPR in Europe, California Consumer Privacy Act of 2018).\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tBeyond this, it is now becoming crystal clear that cybersecurity \u2013 beyond good practice and good ethics \u2013 is quite simply good business<\/a>. As a recent Cisco study<\/a> made clear, cybersecurity will help fuel (and protect) an estimated $5.3trillion in private sector digital Value at Stake in the next 10 years. This is the kind of numbers boards cannot afford to overlook.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tTangible estimates like this one, however, are painfully rare in the cyber security space. Indeed, concepts relating to cybersecurity are both multi-facetted and very elusive \u2013 making them notoriously hard to measure. Furthermore, good cybersecurity is defined by the absence <\/em>of breaches or losses. Observing what is not <\/em>happening is a challenging \u2013 if interesting \u2013 endeavour.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tA stringent example of this measurement problem can be found in a recent BCG research on Total Societal Impact<\/a><\/em>. <\/em>To their credit, cybersecurity is mentioned fairly extensively throughout the report as a key component of a firms\u2019 ESG (Environmental, Social & Governance) strategy \u2013 although not consistently across industry sectors.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nThe issue arises when it comes to quantifying that intuition. The BCG for example reports finding a significant link between \u201cSecuring business and personal data\u201d and a firm\u2019s valuation. Looking into the appendix of the report, the problem lies in the fact that this concept seems to be operationalized through a series of somewhat vague dummy (0\/1) variables. Examples of such metrics include whether<\/em> \u201cmeasures to ensure customer security\u201d have been taken, or whether <\/em>an information security management system has been implemented.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThis is not only overly-simplistic \u2013 hiding key nuances in levels of cybersecurity maturity across firms \u2013 but it also encourages \u201ctick-in-the-box\u201d approaches to cybersecurity which have plagued the field for ages. Tellingly, no quantitative results are actually presented for cybersecurity in the report.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nThis lack of details around the quantification of the tangible value of following cybersecurity best practices is a problem. In fact, we believe it is an important reason why the issue is still shifting in and out of most boards\u2019 radars. Gut feeling alone does not make for a strong-enough case: Top executives are increasingly asking \u201cShow me the data\u201d.<\/em>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nBeyond the fact that measuring success in the cybersecurity is very hard, another issue is the stringent lack of meaningful data.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThis is a really big problem in the field of cyber insurance<\/a>, for example, which struggles to fit its traditional actuarial models around the scarce data they can get a hold of. The reason for that is quite simple: most organizations are still very reluctant to share what they perceive as highly sensitive cybersecurity data (assuming they even have them to start with).\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tWe also talked about this problem in the context of training defensive AI<\/a> for cybersecurity, but this scarcity of reliable InfoSec data hinders generally much-needed research and results.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tWe also talked about this problem in the context of training defensive AI<\/a> for cybersecurity, but this scarcity of reliable InfoSec data hinders generally much-needed research and results.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tBeing able to show key stakeholders in business terms what exactly is the tangible value-added of cybersecurity will be key in finally anchoring the topic at the right level of organizations.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nMoney \u2013 and data <\/em>\u00ad\u2013 talk. And boards usually listen. But we\u2019re not there yet and cybersecurity looks definitely like a promising path for data-driven research.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Cybersecurity is rising as a key issue on the radar of virtually all organisations. According to a recent AT Kearney report, cyber-attacks have been topping executives\u2019 lists of business risks for three straight years.<\/p>\n","protected":false},"author":529,"featured_media":3931,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[182],"tags":[373,763,762,692,127],"ppma_author":[3178],"class_list":["post-1949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-future-of-work","tag-business","tag-business-metrics","tag-business-value","tag-cyber-insurance","tag-cybersecurity"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201cCyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0The Digital Transformation People<\/a>,\u00a0Business 2 Community<\/a>, and\u00a0IoTforAll<\/a>\u00a0platforms, as well as the\u00a0Business Transformation Network<\/a>. He is an expert contributor on the\u00a0CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0InfoSecurity<\/a>\u00a0Magazine, \u00a0Computing<\/a>, the C-Suite.co.uk,\u00a0Info Sec Buzz<\/a>\u00a0and the\u00a0IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1949","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1949"}],"version-history":[{"count":9,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1949\/revisions"}],"predecessor-version":[{"id":36606,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1949\/revisions\/36606"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/3931"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1949"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}