There’s no question that CFOs are increasing spending on cyber-security. While many are doing so in an effort to protect against threats, others also see cyber-security investment as an opportunity to innovate.
More CFOs are viewing cyber-security less as a “cost center” and more as a revenue generator.
When asked how much they expected their company’s cyber-security spending to change in the next 12 months, 41 percent of the CFOs recently surveyed by Cisco said they expect it to increase “significantly.” Another 46 percent said they expect it to increase “somewhat. When asked how much the availability of business benefit metrics would affect their decision to invest in cyber-security, 38 percent of CFOs said they would be “much more likely to invest.” Another 43 percent said they would be “somewhat more likely to invest.”
Going digital clearly fuels business opportunities within the private sector by connecting people, processes, data and things. But it also increases vulnerability to cyber-attacks. Successful hacks disrupt business, erode consumer confidence and impact an organization’s reputation.
The Ponemon Institute’s 2014 Cost of Data Breach Study: United States puts the average cost for each lost or stolen record at $201, and the total average 2014 cost paid by organizations at $5.9 million for each data breach, up from $5.4 million in 2013. The surging costs are attributable to the “loss of customers following the data breach due to the additional expense required to preserve the organization’s brand and reputation.”
Steve Durbin, managing director of the Information and Security Forum, points out that while organizations can make sure systems are hardened and back up and running, that “trying to manage a reputation in the course of public opinion is tremendously difficult.”
There is growing evidence that digital-focused cyber-security innovations and strategies can both neutralize the time and intelligence advantages hackers develop. Through digitization, organizations can also create significant business advantage for operational responsiveness, adaptability and learning, customer experience and loyalty, risk mitigation and overall competitiveness.
The CFO of a major airline recently shared his thoughts on the shift in perception about cyber-security.
“Cyber-security is really what makes your business model operational. Without that cyber-security level you’re still in beta as a company,” he said. “You need that operational layer that’s no longer mandatory. It’s no longer defensive. It’s part of your core business.”
In his opinion, cyber-security going forward can help a company actually drive innovation.
“When they’re designing their business model around these operational elements they’re allowed to be more innovative and they’re allowed to be more agile…” he said. “Cyber-security can represent a key competitive advantage in the market when you think of it as an enabler for unlocking technology and helping a company be more nimble.”
Cyber-security as baseline
Financial executives are getting increasing pressure to not just escalate market share, but to do so in a trustworthy manner.
“More companies are reaching out to their third party providers, vendors and customers electronically, so going forward they are expected to have much more focus on a robust security strategy and the right security solutions,” Durbin said. “So now cyber-insurance is more being viewed as part of the intrinsic baseline of an organization expecting to go on a growth trajectory.”
Traditionally, he continues, cyber-security has been viewed as how strong is a company’s perimeter, how can we keep people out?
“But when it comes down to growth, financial executives see they have to investing in a certain amount to fit the purpose of both today and tomorrow,” Durbin added. “To operate effectively in cyber-space, organizations are now required to have robust cyber-security processes in place, be able to demonstrate them to investors, consumers and customers and regulate them when it’s appropriate.”
Indeed, nearly one-third of CFOs recently surveyed by Cisco said “enabling business growth” was a major consideration when considering their level of cyber-security investment.
It’s clear that cyber-security is no longer just a matter for an organization’s IT department.
“Too often cyber-security is a matter that gets relegated to the IT department,” the airline CFO said. “This is something that needs to be owned across the entire organization.”