How can cybersecurity go beyond value protection to value creation?

Only 43% of cybersecurity functions are meaningfully involved in helping other functions adopt AI.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to help other business functions implement AI than "Prone Enterprises" (48% vs. 31%).

37% of organizations are utilizing over 50 cybersecurity tools.

58% of CISOs and cybersecurity executives say it is difficult to articulate their value beyond risk mitigation.

73% of the study's cohort of "Secure Creators" (organizations with more advanced cybersecurity functions than their peers) believe their ability to add value will grow in the future.

23% of study respondents completed a technology rationalization effort in the last two years.

Cybersecurity contributes 11% to 20% in value to each enterprise-wide strategic initiative it is involved in.

41% of respondents are undertaking a technology rationalization effort.

Only 13% of CISOs in the study said they were consulted early when urgent strategic decisions were being made.

For each initiative that involves cybersecurity, the median value creation figure is US$36m. This figure varies significantly by organization size, ranging from a median of US$11m per project for organizations with US$1b-US$4.9b in revenue, up to US$154m for companies with US$20b or more in annual revenue6.

41% of respondents are in the process of simplifying their tech platform.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) require smaller budgets — 10% smaller on average — and are less likely to cite budgets as a key challenge.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more likely to have positively impacted how external stakeholders perceive their brand (72% vs. 56% of Prone Enterprises).

The study found that cybersecurity simplification and automation have led to direct cost savings, with a median US$1.7m saved annually.

"Secure Creators" (organizations with more advanced cybersecurity functions than their peers) were more involved in efforts to improve customer experience than their peers (53% vs. 42%).

Cybersecurity contributes 11% to 20% in value to each enterprise-wide strategic initiative it is involved in.

Automation efforts have decreased respondents' mean time to detect (MTTD) and mean time to respond (MTTR) by 28%, on average.

74% of respondents reported they invested savings from optimization, automation, and outsourcing to address control weakness.

46% of respondents used savings from optimization, automation, and outsourcing to increase coverage of the attack surface.

Organizations use a median of 35 different cyber tools.

18% of respondents have simplified their tech platform.

Two-thirds (68%) of respondents used the cost savings generated from optimization on innovation and other AI initiatives.

Six in 10 respondents point to increased visibility across attack surfaces due to automation efforts.

Cybersecurity budgets as a percent of annual revenue have decreased over the last two years, from 1.1% to 0.6%.