Recent high-profile data breaches and the continued emergence of new cyber threats have highlighted the need for strong cyber security in business. However, defences represent a significant investment, and it can be difficult for CSOs and security budget holders to demonstrate the direct return on this investment to shareholders and stakeholders.
According to the Vodafone 2018 Cyber Ready Barometer research, however, both the perception of cyber security and its impact on the bottom line of the business seem to be shifting. We spoke with thousands of decision-makers and employees to develop an Index that scored businesses against key security criteria to determine their Cyber Readiness. It became clear that businesses that make the right investments in cyber security can expect to access a range of wider business benefits, validating the link between strong cyber security and business success.
The financial impact of data breaches is just the beginning
Making the connection
At first glance, the link between cyber security and business success is not obvious – it is often seen as a hygiene factor, rather than something that has a direct impact on wider success. Any cyber security strategy aims to protect critical systems as well as sensitive and valuable data. This involves a comprehensive combination of advanced security technology, well-trained and experienced security personnel, established protocols and employee education.
In many ways, a complete lack of disruption to normal work processes could be seen as a measure of success, but this is hard to quantify and demonstrate ROI in. However, there is a clear link now emerging between cyber security and business success: across our whole sample, respondents are both aware of the importance of cyber security and link it to wider business benefits, with 90% of decision-makers identifying a positive correlation between improving cyber security and business success.
There is also a demonstrable connection between cyber security and a range of other benefits: businesses leaders tie cyber security to improved efficiency (92%), reduced downtime following disruptions (90%) and reputational gains which help attract new customers (89%).
The reasons for this correlation are related to the general approach of business leaders. In short, a business that is efficient – with streamlined processes that includes cyber security baked into everything they do – tends to have good business outcomes.
What sectors are investing the most and least in cyber security?
Prioritising reputation and trust
Taking a deeper look at the research shows ties between improved business results and the most prepared, secure and resilient organisations. Businesses that were ranked as ‘Cyber Ready’ on our Index report increased trust levels, with this group scoring 4.3 out of five stakeholder trust (from customers, employees and regulators). For the elite five per cent of businesses at the very top of the Index, this was magnified further, with a score of 4.8 out of five, helping 58% of these drive a five per cent increase in revenue.
For businesses at the opposite end of the Cyber Ready spectrum, the gap is clear. These businesses saw stakeholder trust dropping to 3.1 out of five and only 22% reporting an annual revenue rise of five per cent. From these very different results, a clear relationship can be seen between cyber readiness and business outcomes.
Maintaining a high level of stakeholder trust requires security teams to understand the needs of the business and how success is measured. Security leaders should be familiar with board-level performance metrics and the impact security has on these measures. Companies who have security in their DNA, in their values, products, services, messaging are now capturing market share. The solid foundations of strong cyber security, readiness and resilience seemingly creates a high level of confidence throughout the business. The tangible link between having a strong cyber security posture and a positive impact on business performance can ultimately enable organisations to make a clear business case for investing in security considerations and initiatives with clear financial consequences.
Report reveals the true cost of a data breach on the enterprise
It’s time to get on the front foot
In today’s climate, not being ‘Cyber Ready’ is no longer an option for organisations. Malicious actors will continue to target businesses for financial gain and organisations are now required to disclose data breaches within 72 hours of discovery under GDPR. This means that these incidents will most likely be public knowledge, with the potential to adversely affect consumer trust. Armed with the knowledge of the clear business advantages that can be gained from investments in cyber security practices, CSOs and security budget holders can justify and prioritise implementing these practices with confidence and enjoy the associated rewards.
Written by Maureen Kaplan, Cybersecurity Lead at Vodafone Group Enterprise