COVID-19 and the rapid shift to work from home practices have dramatically escalated boardroom awareness of cybersecurity risk. That’s great, because while hackers look to take advantage of the chaos and disruption of the pandemic, CISOs and CIOs are working to make sure their businesses can stay safely connected.
Fortunately, in many cases, CISOs, CIOs and directors are redefining their roles in corporate value creation and protection along the way. This certainly will pay dividends down the road, as leaders navigate today’s crash course on how quickly cybersecurity risk evolves and how critical it is to be able to anticipate and respond in real-time.
Cybersecurity is now viewed as a strategic value protector, not a cost center
As the percentage of the global economy that runs on digital continues to increase—International Data Corporation (IDC) estimates that 52 percent of global GDP will be driven by digital-transformed enterprises by 2023[1]—the need to protect business value and the digital systems that create it demands that companies continue evolving cybersecurity risk oversight and management.
As the digital stakes rise, so will the digital risks. Many hackers will continue to invest, innovate and work to outmaneuver cybersecurity defenses. Why not? To a large degree, it’s been working.
Solving the challenges with managed security
The rapid growth of managed cybersecurity services is in direct response to these issues and reflects the unique risks that exist in cybersecurity and how difficult they are to manage. There are several key drivers that corporate directors need to be aware of to understand the trend toward managed services.
The managed services value arbitrage
There’s a growing recognition that benchmarking costs for the provision of cybersecurity protection is mostly meaningless, for one simple reason. Cybersecurity isn’t a cost center. It’s insurance.
This means that the cost of cybersecurity is only meaningful in the context of the value that is being protected—which is unique to every company. Corporate boards are much better served by asking, “What’s the value of what we’re trying to protect, and how secure is it for what we’re spending?” as opposed to “What’s our cybersecurity budget?”
Unlike the trend of outsourcing a function or capability to reduce costs, the business decision to protect digital value is being driven by the need for a more effective cybersecurity outcome: It’s about value arbitrage, not cost arbitrage.
Many business leaders are also beginning to understand that cybersecurity can be much more effective and efficient if they work with a strategic partner rather than via internal capabilities.
This is true because of several factors that most businesses cannot control, no matter how hard they try.
