Risk & Reward: Reconciling the conflicted views of business leaders on the value of cybersecurity

These are challenging times to run a business. High inflation, surging energy prices and rising interest rates in much of the world are taking their toll on many enterprises, their partners and their customers. Annual growth in advanced economies is predicted to be just 1.2% in 2023. In some cases, it will fall even lower than that. At the same time, the jobs market remains extremely tight, with unemployment at near-record lows in many rich countries.

It is the job of business leaders to navigate these choppy waters – managing talent acquisition and retention, keeping costs under control and finding areas to prioritise for sustainable growth. But what role do they see for cybersecurity in this?

To find out more, we commissioned Sapio Research to poll 2718 business decision makers (BDMs) in 26 countries: Australia, Austria, Belgium, Denmark, Finland, France, Germany, Hong Kong, India, Indonesia, Italy, Japan, Malaysia, Netherlands, Norway, Philippines, Saudi Arabia, Singapore, Spain, Sweden, Switzerland, Taiwan, UAE, the US and UK.

Unfortunately, the headline findings show a siloed, often contradictory view of the value of cybersecurity for the business. On the one hand, 89% of BDM respondents acknowledge the link between business and cyber risk. Yet on the other, half (51%) claim security is a necessary cost but not a revenue contributor, while a similar share (48%) argue that its value is limited to attack/threat prevention. Around two-fifths (38%) even see cyber as a barrier rather than a business enabler.

Joining the dots between business and cyber risk

It should be welcomed that nearly two-thirds (64%) of respondents plan to increase their investment in cybersecurity in 2023. But blindly splashing cash on the latest high-profile technology solutions will not help the business. It will only create more product silos and more work for stretched IT teams tasked with managing point products.

BDMs need to understand which areas require funding most urgently, taking a risk-based approach to prioritise them. Yet many seem unclear about the strategic importance of cybersecurity – even when presented first-hand with evidence. We can highlight several key areas where they’re failing to join the dots between business and cyber risk.