Security operations · 3 MIN READ · MATT DUBIE · DEC 5, 2023 · TAGS: Expel report / Managed security / MDR / Metrics / Planning
One of the goals of our recent study with the Cloud Security Alliance (CSA), and the resulting report, Security-Enabled Innovation and Cloud Trends, was to find out if organizations are realizing the desired outcomes of their investments in security to advance innovation.
We asked respondents what would drive their orgs to implement new security measure(s)—in other words, what would be their desired outcomes of security investments—and the top two answers were “Increased trust from customers and partners” (60%) and “Reduced risk of data breaches and cyberattacks” (57%). The good news is that when we asked about the actual outcomes from investments to improve the security measures that enable innovation, respondents reported the same top two answers.
In contrast, despite respondents recognizing security to be a competitive advantage, it was at the bottom of the list both in terms of desired and actual outcomes. (We’ll come back to this.)
What does this mean? We and the CSA see two possibilities. The first is that orgs have become more proficient at anticipating the benefits of their security investments. The second is that they’re instead manifesting the innovation advantages they desire. We hope the real answer is the first possibility. But whether it’s hiding behind door number one or door number two, increasing trust and reducing risk are two strong outcomes to get from security investments that drive innovation.
And the fact is that these two outcomes are linked. If a company is better equipped to handle security incidents, that company’s customers trust it more. These benefits are somewhat tangible, and within the control of the organization. On the other hand, the low numbers associated with competitive advantage could be because that’s largely intangible, with many outside factors determining a company’s competitiveness.
The cost of security-enabled innovation
We asked respondents to assess the impact of security-enabled innovation on the cost of business, and the responses were interesting. The majority believe it will either somewhat (30%) or significantly (28%) reduce costs overall. That’s what we like to hear! But the third most common response was that it would somewhat increase costs (26%)—that figure is within shouting distance of the top two spots, and is enough to be a concern.
As the CSA points out, these results may suggest that respondents are taking into account whether the innovations themselves will increase or decrease the cost of doing business. This is definitely a good question to consider, as orgs consider the long-term implications of security investments.
We’re encouraged that orgs are seeing the results they expect from their security investments, and that focusing on investments that improve innovation will result in lower costs. To us, this means that many leadership teams are seeing that security isn’t a cost-center, but rather a business enabler, one that sets a foundation for positive business outcomes.
This is all an excellent reminder that return on investment (ROI) in cybersecurity comes down to a lot more than simple dollars and cents. Of course, implementing security measures requires an investment of money, human capital, time, and more. But the ROI will reach every corner of the org, as we see from the CSA research.
Take a look at the actual outcomes that respondents experience:
Are there any outcomes on that list your company wouldn’t want?
Increased trust from customers and partners will pay dividends across the board, making it easier for the sales team to close deals, customer success to retain customers, and marketing to promote your forward-thinking approach to target audiences. And it certainly doesn’t hurt that you can highlight this success to the rest of the C-suite and the board of directors.
And how much will the engineering and development team champion your team if you help get their product to market faster? Your entire company should support any efforts that helps drive company growth and improve competitive advantage.
Regardless of where your priorities stack up, security-enabled innovation can and will pay dividends throughout your org, and there are no compelling reasons to remove security from the innovation equation. Doing so would not only open your org up to unnecessary risk, but could ultimately prevent your innovation initiatives from achieving their desired outcomes.
You can read more about this by checking out our Security-Enabled Innovation and Cloud Trends report.
And if you’d like to discuss how Expel can help enable your org’s innovation, drop us a line.