In many organizations, the cybersecurity department has an unfortunate reputation as the inhibitor to innovation, rather than an enabler—likely a carryover from the days when the threat landscape was more limited and less sophisticated than it is now. Cautious security admins would nevertheless incorporate steps into the product development process to ensure new offerings or features wouldn’t introduce security risk. The cautious approach—while critical for protecting the business—was often seen as delaying strategic initiatives. However, we’re long past the days when product teams can ignore security controls until late stages of development, whilst hoping for the security team to complete a quick evaluation and rubber stamp a new offering as inherently safe. The threat landscape is vast, it’s complicated, and it’s constantly evolving. This means security-enabled innovation is a must for any company working hard to stay ahead and competitive in its market. But what does the data say?
General Manager & VP of International Business at Expel. Chris is leading Expel’s expansion into EMEA.
Security and innovation
The Cloud Security Alliance (CSA) recently conducted a study to examine the intersection of security and innovation. The purpose of the research was to untangle the intricate relationship between the two, shedding light on how security is perceived within the organizational framework, its role in driving innovation, outcomes of security-enabled innovation, and other cloud use trends. The survey captured the perspectives of 1,000+ IT and security professionals from a diverse range of organizations, offering a wealth of insights into the prevailing attitudes and trends shaping these dynamic fields.
Sixty-five percent of C-level or executive respondents reported that security is an enabler of innovation, and a further 51% of that cohort said that a strong security posture significantly increases an organization's competitive advantage. The report went on to say:
Generally, organizations have a positive attitude toward security and its integral role in innovation. Security is prioritized during product development and is seen as a competitive advantage, particularly concerning cloud strategy. Moreover, organizations regard security as crucial in nurturing a culture of innovation, with the majority predicting an increasing interdependency over the next five years.
This is obviously great news, but this sort of alignment doesn’t happen organically. Security-enabled innovation requires intentional investment, which is no easy task given that companies want innovation to happen at breakneck speeds. Especially as artificial intelligence (AI) evolves and affects just about every industry, the race is on for orgs competing to be the first to market with their innovations. And AI is just one example. The metaverse, self-driving cars, space tourism, and more were considered to be strictly science fiction just a few years ago, but are now experiencing rapid innovation.
Survey
Let’s look at what survey respondents said about the actual outcomes of security-enabled innovation investments. It’s no surprise that the two most popular answers to the question, “Which positive outcomes has your organization experienced due to improved security measures that enable innovation?” (and selecting all that apply), were increased trust from customers and partners (53%), and reduced risk of data breaches and cyberattacks (52%). But the next three answers were:
● Faster time to market for new products (42%)
● Greater operational efficiency (41%)
● Faster entry into new geographic markets (40%)
These results are encouraging, as organisations reap the desired benefits when they implement these measures. But dig a little deeper into the business implications and you see that businesses can’t afford to disregard security in the innovation conversation. Are there any outcomes listed above that a company wouldn’t want? And the fact that these are all part of expected return on investment (ROI) makes the case for security-enabled innovation even stronger.
Cybersecurity ROI comes down to a lot more than pounds—illustrated by the survey results. But it also shows that the additional investment of time, energy, and resources makes security less of a cost center and more of a force multiplier of innovation.
Strong communication
Cybersecurity ROI comes down to a lot more than pounds—illustrated by the survey results. But it also shows that the additional investment of time, energy, and resources makes security less of a cost center and more of a force multiplier of innovation.
So what can you do with this knowledge? Many security leaders struggle to make the case of security’s value to the C-suite and the board of directors. They often get too far into the technical weeds, which other business leaders often lack the background or experience to properly understand. We’ve seen that the most successful security leaders, including chief information security officers (CISOs), are the ones who can clearly communicate the business benefits of security (in addition to the technical ones).
The results from the CSA study provide security leaders with a strong foundation of knowledge to advocate for additional budget. The data should help CISOs, who are tasked with optimizing the organization's strategy, ask better questions of their colleagues across business units. Further, it helps security leaders explain the value of recommended programs to these peers, leadership, and the board.
At a time when leadership is looking at every budget line item, and putting extra scrutiny into each new investment, organizations can’t afford to allow traditional and outdated misconceptions about cybersecurity to rule the conversation. Leading the charge with security-enabled innovation at the tip of the spear is a strong way to ensure you don’t leave any budget on the table.
We've featured the best productivity tool.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
