Align Cybersecurity Programs to Drive Revenue Growth and Mitigate Breach Costs

By Greg Tavarez, TMCnet Editor  |  June 19, 2023

Cyber incidents have escalated in frequency and sophistication, posing significant risks to businesses of all sizes. Among them, the world has seen the SolarWinds supply chain attack, the Colonial Pipeline ransomware attack, the Microsoft (News - Alert) Exchange Server vulnerabilities and the Accellion data breach.

However, no matter the type of cyber incident (from data breaches and intellectual property theft to ransomware attacks and regulatory non-compliance), organizations face a multitude of threats that can disrupt operations and tarnish reputations.

This is why the alignment of cybersecurity programs with business objectives has become a critical priority for organizations worldwide. Safeguarding sensitive data, maintaining business continuity and complying with regulations are just a few reasons why this alignment is crucial.

In fact, according to new research conducted by Accenture, organizations that closely align their cybersecurity programs with their business objectives experience several positive outcomes. The study revealed that these organizations are 18% more likely to achieve target revenue growth and market share (while improving customer satisfaction), as well as 26% more likely to lower the cost of cybersecurity breaches or incidents, on average.

The report identified a group of companies that are leading the way in their cybersecurity efforts. These companies, or “cyber transformers,” account for 30% of respondents. They strike a balance between excelling at cyber resilience and aligning with the business strategy to achieve better business outcomes.

There are four characteristics that set cyber transformers apart from other companies:

The first is excelling at integrating cybersecurity and risk management. Cyber transformers integrate a cyber risk-based framework into their enterprise risk management program; have their cybersecurity operations and executive leadership agree on the priority of assets and operations to be protected; and consider cybersecurity risk to a great extent when evaluating overall enterprise risk.

The second characteristic is that they leverage cybersecurity-as-a-service to enhance security operations. Accenture (News - Alert)'s research found that cyber transformers (coming in at 40%) are more likely than others to use managed services providers (MSPs) to administer cybersecurity operations.

The third characteristic? Well, cyber transformers are more committed to protecting their ecosystem. This simply means that they are more likely than others to take actions such as incorporating their ecosystem or supply chain partners into their incident response plan and to require them to meet strict cybersecurity standards.

Finally, the last characteristic that sets them apart is that they rely heavily on automation for their cybersecurity programs. In addition, 96% of all respondents whose organizations substantially automate their cybersecurity said that automation helps them alleviate cyber talent shortages — a key challenge for any company seeking cyber resilience.

“The accelerated adoption of digital technologies like generative AI — combined with complex regulations, geopolitical tensions and economic uncertainties — is testing organizations’ approach to managing cyber risk,” said Paolo Dal Cin, Global Lead of Accenture Security.

Although there are some signs that organizations are making efforts to align cybersecurity programs with business objectives, there is significant room for improvement. According to Jacky Fox, Accenture Security Lead for Europe, more than 60% of respondents still experience successful breaches from external sources. To address this, it is crucial to enhance collaboration and effectiveness across the C-suite, especially with a business-led chief information security officer.

Organizations can also embed three cybersecurity actions into their digital transformation efforts and apply strong cybersecurity practices across their organization. The cybersecurity actions that organizations can take to increase the success and satisfaction of their digital transformations are:

  • Require cybersecurity controls before all new business services and products are deployed.
  • Apply cybersecurity incrementally as each digital transformation milestone is achieved.
  • Appoint a cybersecurity representative as part of the core transformation team who orchestrates cybersecurity across all transformation initiatives.

According to the report, organizations that embed these three cybersecurity actions into their digital transformation efforts and apply strong cybersecurity practices are nearly six times more likely to experience more effective digital transformations than those that don’t.

“Businesses leaders need to embed cybersecurity into the fabric of their digital core transformation efforts to become business resilient,” said Dal Cin.

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]