How a strong cyber security posture helps organizations achieve innovation
If you ask most executives why it’s important to invest in cyber security, their answers are likely to focus on the defensive benefits, particularly in healthcare organizations.
They’ll talk about potential downtime, the risks of ransomware on the continuity of patient care, protecting patients’ privacy and avoiding HIPAA violations, and avoiding bad PR. With massive data breaches bedeviling large organizations spanning from Anthem to Banner Health, it’s hard to blame these executives for viewing cyber security purely through a protective lens.
But according to new research from Cisco, this viewpoint may be shortsighted. The report, entitled “Cyber security as a Growth Advantage,” found that cyber security also plays a major role in pushing forward innovation and speeds up the development of digital products.
Joel Barbier was the lead investigator; he is a director in the Cisco Digitization Office and a visiting faculty at the Global Center for Digital Business Transformation at IMD, Lausanne. He and his colleagues decided to launch the study after noticing that Cisco clients were conducting cost-benefit analyses on cyber security and coming up short.
“We saw a discrepancy between the importance that business executives were placing on cyber security and the relatively low economic value that we were finding looking at just the defensive aspects,” Barbier said. “The economic findings didn’t tie with the importance of cyber security ascribed by business executives.”
This meant that there must be other benefits to cyber security beyond defense. To test this theory, Barbier and his colleagues surveyed 1,014 senior executives in 10 countries and then followed up with 11 in-depth interviews with senior executives.
“We interviewed people to understand further how they viewed cyber security and what value they placed in it,” Barbier explained. “And as we started to look at the survey results, a different view began to emerge, and that is that organizations often choose a wait-and-see approach to new products when they don’t think security is good enough. It became obvious to us that in order to compete, organizations needed to take a more proactive approach with security.”
Of the executives surveyed, 64 percent said they “recognize that cyber security is a vital foundation for their digital growth strategies, citing it as a significant driver of success for digital products, services and business models.” What’s more, 71 percent responded that “concerns over cyber security are impeding innovation in their organizations” while 40 percent “stated that they had halted mission-critical initiatives due to cyber security issues.”
While the researchers could identify seven use cases in which cyber security generated defensive benefits, they also found more than 400 use cases for how it would drive $7.6 trillion in value over the next decade.
As but one example, more organizations are considering integrating Internet of Things devices into their product offerings, but only those that have comprehensive security measures in place are actually moving forward on these innovations, while less secure organizations are hesitant to risk exposing data.
“For example, even though it’s possible to hack a personal vehicle, Tesla has chosen to have an IP platform where they connect their vehicle and track what their vehicles are doing,” said Barbier. “Because they feel secure enough to take risks, they’re taking market share, they’re creating value.”
The study found that a high opportunity-to-risk ratio results in the biggest innovations. “Secure digitizers said they feel prepared to address potential cyber security risks in key digital technology areas — analytics, IoT and cloud computing,” the authors wrote. “As a result, secure digitizers are more confident about incorporating digital technologies into their businesses. This allows them to innovate faster and accelerate time to market.”
Luckily, more organizations are recognizing these benefits and allocating money toward cyber security. “I think as industry standards are established, more companies are promoting what they’re doing from a cyber security perspective,” said Barbier “They’re essentially more transparent that they’re embedding security through their value chain, and as people become more aware of those value chains, then these companies are able to differentiate themselves.”
In other words, cyber security is no longer just a means to avoiding a PR disaster, but rather it’s become a necessity for engendering digital innovations, goodwill and user loyalty, as well as driving revenue growth. Those organizations that refuse to invest in it are doomed to be left behind.
Simon Owens is a blogger with The Society for Information Management; Follow SIM here.