Why aligning cybersecurity to business objectives works

A new report from Accenture has identified ‘cyber transformers’ — companies that strike a balance between excelling at cyber resilience and aligning with the business strategy to achieve better outcomes.

The State of Cybersecurity Resilience 2023 report is based on a survey of 3000 global security and business executives. It found that organisations where cybersecurity programs and business objectives are aligned are 18% more likely to achieve revenue growth targets and 26% more likely to lower the cost of breaches or other cybersecurity incidents.

“The accelerated adoption of digital technologies like generative AI — combined with complex regulations, geopolitical tensions and economic uncertainties — is testing organisations’ approach to managing cyber risk,” said Jacqui Kernot, Security Lead ANZ at Accenture.

“In this rapidly changing environment, businesses leaders need to embed cybersecurity into the fabric of their digital core transformation efforts to become business resilient. This is one of the key differentiating traits of cyber transformers, who demonstrate that they are better equipped to drive successful business outcomes.”

Four characteristics set cyber transformers apart from other companies:

• They excel at integrating cybersecurity and risk management. Cyber transformers integrate a cyber risk-based framework into their enterprise risk management program; have their cybersecurity operations and executive leadership agree on the priority of assets and operations to be protected; and consider cybersecurity risk to a great extent when evaluating overall enterprise risk (65% vs 11%).
• They leverage cybersecurity-as-a-service to enhance security operations. Cyber transformers are more likely than others to use managed services providers to administer cybersecurity operations (40% vs 24%).
• They are more committed to protecting their ecosystem. Cyber transformers are more likely than others to take such actions as incorporating their ecosystem or supply chain partners into their incident response plan (45% vs 37%) and to require them to meet strict cybersecurity standards (41% vs 29%).
• They rely heavily on automation. Cyber transformers are far more likely than others to rely heavily on automation for their cybersecurity programs (89% vs 57%). In addition, 96% of all respondents whose organisations substantially automate their cybersecurity said that automation helps them alleviate cyber talent shortages — a key challenge for any company seeking cyber resilience.
   

“While organisations are taking steps to better align cybersecurity programs with business goals, there is still plenty of room for improvement, with more than 60% of respondents still falling victim to successful breaches coming from outside their organisations,” Kernot said.

“Working more effectively across the C-suite and ensuring that security efforts have a positive business impact require a business-led CISO who acts as an educator and collaborator with non-security leaders.”

The report highlights that organisations that embed three key cybersecurity actions into their digital transformation efforts and apply strong cybersecurity practices across the organisation are nearly six times more likely to experience more effective digital transformations than those that don’t do both. The cybersecurity actions that organisations can take to increase the success and satisfaction of their digital transformations are:

• Require cybersecurity controls before all new business services and products are deployed.
• Apply cybersecurity incrementally as each digital transformation milestone is achieved.
• Appoint a cybersecurity representative as part of the core transformation team who orchestrates cybersecurity across all transformation initiatives.
   

Image credit: iStock.com/Andrii Yalanskyi