The Protiviti View  | Insights From Our Experts on Trends, Risks and Opportunities

IT Innovation, Part 2: Maximizing the Value of Security Investments

As my colleague Ed Page indicated in his January 11 post, digital transformation represents one of the biggest innovation opportunities of the 21st century, and failure to respond quickly to innovation opportunities is one of the biggest risks faced by any business today.

A recent Protiviti white paper, Catching the Digital Wave of Change, points out that no industry is isolated from the challenges and opportunities of disruptive technology. Wearable technology, driverless cars, the Internet of Things, robotics, blockchain, biometrics, drones and nanotech are but a few examples of disruptive technologies that leaders of the future are harnessing today. In many cases, however, while business leaders recognize the opportunities, their IT counterparts struggle to deliver the digital innovation, hamstrung by day-to-day operational challenges and associated budget pressures.

It’s not for lack of trying. Over the past decade, IT departments have been reducing operations and maintenance costs consistently. Most of these savings, however, have gone to fund other priorities, the biggest being security, which now accounts for 16 percent of the average IT budget, according to our most recent benchmarking study of technology trends. Taking into account other priorities, including compliance and system enhancements, mature businesses are left with only 13 percent of their budgets free for innovation.

With a strained budget, it then becomes critical for IT leaders to prioritize spending according to top-down strategic risks. Cybersecurity is one area ripe for such prioritization.

I see too many businesses look at cyber as a generic risk that must be avoided, without taking the time to clearly define the organization’s risk appetite and the adverse business outcomes that they are concerned about. As a result, many businesses end up focusing on the wrong things, reacting to technical vulnerabilities rather than focusing on the desired business outcomes. This, in turn, causes many security programmes to become a drain on resources without delivering a significant reduction in the risk of the adverse outcomes that the business is most concerned about. Conversely, when IT leaders look at information security risks more holistically, focusing on strategies to manage adverse business outcomes rather than every technical weakness, they end up investing in very different things and adopting very different strategies.

In other words, IT leaders need to step back and ensure that they are getting the results they want from their cybersecurity investments. This means focusing on protecting what’s important (the “crown jewels”) rather than trying to achieve the impossible and completely locking down the entire perimeter; keeping up with the cyber threat landscape to know what kind of attacks are most likely to occur; and being proactive about incident response so that systems can be put back online with minimum impact to the business. Without this discipline, cybersecurity will continue to consume larger and larger portions of the IT budget. Innovation will suffer and the business may ultimately fail — not because a cyber threat is realized, but because the disproportional and unfocused spending on one operational risk has distracted the business from the more strategic risk of failing to mount a competitive response to new entrants and/or innovators.

By Jonathan Wyatt

Verified Expert at Protiviti
