ESG research data demonstrates that improving cybersecurity is a business – not just an IT – priority. What does this mean for enterprise organizations?

It’s become a cliché in the industry to say that cybersecurity has become a board room-level issue, but what evidence do we have to support this claim? Well, here are a few tidbits from some recent ESG research that certainly lend credibility to the business-driven cybersecurity thesis (note: I am an ESG employee):

- When asked to identify business initiatives that are driving IT spending, 43% of respondents said, “increasing cybersecurity.” This was the top business initiative selected, followed by “reducing costs” (38%), “improving data analytics for real-time business intelligence” (32%), and “ensuring regulatory compliance” (27%).
- In a similar vein, survey respondents were asked to identify the most important IT “meta-trend” to their organization. Forty-two percent of respondents selected “increasing cybersecurity.” The next most popular response, “using data analytics for real-time business intelligence,” came in at 17%.
- 69% of organizations are increasing their spending on cybersecurity in 2016. These budget increases are being approved by business managers who are now willing to spend more money to improve cybersecurity at their organizations.

As if the ESG data wasn’t enough, we also know that cyber-insurance policies grew by about 35% last year. So aside from increasing cybersecurity budgets, business executives are hedging their bets by transferring risk to third parties.

I view all of this data as good and bad news. On the positive side, we’ve entered a period where business managers realize that they need good security – not just “good enough” security. So what’s the bad news? CISOs must expect to be reviewed more thoroughly based upon business metrics like ROI, cost containment, and continuous improvement. This is relatively unfamiliar territory for many cybersecurity professionals who grew up managing firewalls and mastering the CISSP Common Body of Knowledge (CBK).

Over the next few years, business managers need to develop greater cybersecurity affinity while CISOs must learn to mitigate risk and detect/respond to incidents in an operationally efficient and measurable manner. These challenges will determine cybersecurity success or failure across the organization moving forward.