Measuring Cybersecurity ROI Part 3: Innovation, Revenue Opportunities

Measuring Cybersecurity ROI Part 3: Innovation, Revenue Opportunities

Not enough people talk about it, but effective cybersecurity actually drives new business.




Many analysts point to brand value, and for good reason. A strong commitment to safeguarding customer data demonstrates:


“…market leadership, brand strengthening, and product/service differentiation. For example, as more businesses look to AI, IoT and robotics to streamline processes and improve business performance, ensuring that these technologies are secure can increase revenues and drive bottom-line performance. In this respect, shareholders must not only expect cyber excellence, they should demand it. (CircleID)


A recent global study of more than 10,000 people found that 70% of people say they’d quit doing business with a company that suffered a data breach. (IT Security Central) In the public eye, breaches are a clear sign a brand can’t be trusted with their customers’ data.


eCommerce and Mobile Services


Effective cybersecurity drives profitability by enabling customer access to mobile services. An example that many of us are familiar with: a retailer that can let customers research and shop on any device anywhere at any time can boost revenues and drive loyalty. (Computer Weekly) Retail giants like Amazon, eBay, Etsy and Costco illustrate the point.


According to a recent analysis:


  • 79% of smartphone users have made a purchase online using their mobile device in the last 6 months
  • Almost 40% of all eCommerce purchases during the 2018 holiday season were made on a smartphone
  • eCommerce dollars now comprise 10% of ALL retail revenue
  • 80% of shoppers used a mobile phone inside of a physical store to either look up product reviews, compare prices or find alternative store locations (OuterBox)


None of this is possible in the absence of reliable cybersecurity safeguards, though.


Then there are mobile payments services like Square, ApplePay, Google Wallet and PayPal Mobile. Cybersecurity means these companies (and many more like them) can handle payments and provide real-time, on-the-spot quotes. There’s no need to wait hours (or days) for a payment to clear, so cybersecurity’s enablement of the mobile payments industry reduces friction and improves customer service.


Sales Force Enablement and Remote Work


Once upon a time work was as much a place you went as it was a thing you did. Now, though, many companies have a significant number of remote employees (and some organizations are entirely remote). Increasingly people not in the building need to operate behind the firewall, and a lot of their job functions are highly sensitive. Field sales reps also rely more and more on the ability to pull resources from the network when they aren’t in the office.


Remote workforces also allow companies to select candidates from a broader pool, controlling costs and hiring better applicants, but this is only possible with strong safeguards for the companies’ data.


Enter cybersecurity – assured endpoint identity affords employees seamless, secure access to the internal network.


Another practice that relies heavily on cybersecurity is the burgeoning Bring Your Own Device (BYOD) trend, in which workers, instead of being assigned work mobile phone, are instead allowed to use their personal phones. However, BYOD comes with heavy security requirements.


A recent survey by ISACA found that up to 66% of organizations will soon adopt BYOD policies, yet half of IT staff members remain concerned about the inherent security risks. To manage these policies effectively, IT organizations will need to provide ubiquitous security across many devices and comprehensively manage user identity and access to sensitive corporate data. (Bain)


Estimates vary, but Cisco reports companies can save as much as $1,300/employee each year with a well-constructed BYOD program. (Insight)




Organizations have sometimes regarded security as an impediment to innovation, but in truth cybersecurity is essential to enabling a thriving R&D mission.


At a basic level, innovation can be dangerous in an environment where researchers and product developers can’t be certain their work is secure. More than that, however, cybersecurity equals opportunity.


The eCommerce and mobile enablement examples noted above are good examples. These industries have been defined by organizations that used security programs and technologies to develop powerful, disruptive offerings that many consumers have come to take for granted.


Another example to consider is banking. Most, if not all major financial institutions now use multi-factor authentication to assure customer privacy and security. The ability to check account balances, transfer money, pay bills and apply for loans from a mobile device represents a huge competitive advantage (at least until everybody catches up), but the security framework provides innovative enterprises to continually roll out new offerings that enhance customer service and engagement.


It’s also worth noting that these secure online and mobile services can dramatically reduce branch footprints and trim real estate costs, benefiting both the bank and the customer.


The big picture


When we take the entirety of cybersecurity’s value into account, it quickly becomes clear that its ROI proposition is bigger – much bigger – than too many business leaders credit.


It’s imperative that CISOs begin expressing the totality of their value in ways that make clear to the C-Suite that cybersecurity isn’t a cost, it’s a powerful strategic investment with the ability to help the company establish a competitive advantage. Perhaps even a disruptive one.




Doug Drew
Doug Drew represents more than 20 years of cybersecurity business, technical and leadership experience in roles ranging from incident response, PCI practice lead, security program consulting and staff augmentation CISO.