Cybersecurity Teams Drive Average Business Growth of $36 Million

Cybersecurity teams have emerged as crucial drivers of business growth, with a notable median contribution of $36 million per enterprise initiative they partake in.

Despite this strong performance, a recent survey conducted by Ernst & Young (EY) reveals a troubling trend: cybersecurity budgets across organizations have decreased significantly, falling from 1.1% to 0.6% of annual revenue within the last two years. This reduction indicates that many companies fail to view investments in cybersecurity as opportunities for value creation.

The report highlights an alarming statistic: merely 13% of Chief Information Security Officers (CISOs) are consulted in the early stages of urgent strategic decisions. Additionally, 58% of respondents expressed challenges in effectively communicating the value of cybersecurity efforts beyond mere risk mitigation.

The researchers urge CISOs to leverage insights from such studies to articulate their evolving role as key business executives to the board. There is an essential need for CISOs to be more actively involved in decision-making processes from the outset.

How Security Teams Create Business Value

According to the EY study, cybersecurity functions contribute between 11% to 20% of the value generated through enterprise-wide initiatives they are involved in. The financial impact varies widely based on organizational size, with a median contribution of $11 million per project for organizations generating $1-4.9 billion annually, rising to $154 million for those with revenues exceeding $20 billion.

The research identified a specific subgroup referred to as “Secure Creators.” These individuals engage more deeply and earlier in their organizations’ pivotal initiatives and foster business growth through several key avenues:

– Assisting in the secure implementation of AI and other high-growth technologies, thereby gaining a competitive market edge.
– Enhancing external stakeholder perceptions of their brand by preventing potential losses during cyberattacks such as ransomware and ensuring secure data transfers.
– Elevating customer experience by bolstering internal communication security, facilitating improved customer service, and accelerating issue resolution.
– Addressing security risks associated with entering new markets in the early stages, preemptively mitigating potential challenges.

Rudrani Djwalapersad, EY Global Cyber Risk and Cyber Resilience Lead, emphasized the value of early CISO involvement in strategic initiatives, noting that it allows for the integration of security measures into business planning from the ground up. Such involvement not only enhances adoption speed but also builds consumer trust.

Furthermore, the rapid integration of AI presents a unique opportunity for CISOs to elevate their roles to executive levels. Currently, only 43% of cybersecurity functions are significantly involved in supporting the adoption of AI across functions.

Cybersecurity leaders should focus on streamlining AI deployment within their organizations by optimizing legacy technology tools and simplifying cybersecurity solutions to reduce costs. This strategy will facilitate the swift scaling of new AI technologies, such as agentic AI, thus providing a competitive advantage.

The report concluded by underscoring the importance of CISOs positioning themselves as strategic partners in executing AI initiatives, thereby earning trust and securing a seat at the table for broader transformation efforts.

This study incorporated responses from 550 C-suite and cybersecurity leaders across 16 industries and 19 countries within the Americas, Asia-Pacific, and Europe, the Middle East, India, and Africa (EMEIA).