Despite these differences in assessment, cybersecurity is nonetheless perceived by all respondents as a lever for value creation. Contrary to popular belief, cybersecurity is not seen as an obstacle to the fluidity and agility of operations, but first and foremost as a means of improving operational efficiency, for example through automated controls or Single Sign-On (SSO), which both secures and simplifies access. Although the figures are relatively modest and fairly evenly spread across the different suggestions, they reflect a genuine awareness.
What is the primary area in which your organization expects IT security to deliver value?
FOCUS ON ORGANIZATIONAL MEASURES
This potential is now recognised, but it still needs to materialise. To ensure that security delivers the expected value, Business decision-makers favour the principles of Security by Design/Security by Default (56.9%) and the implementation of a formal enterprise-wide security programme (50.8%). For them, the most substantial improvements therefore come not from tools, but from organisational and managerial measures. It seems obvious to them that security will be better taken into account and create more value if everyone has, early on, clear guidelines to follow.
Where can the organization gain the most value from improving security operations management within the context of digital business? (Business)
CIOs and CISOs agree with Business decision-makers on the need to set up a formal security programme (limited, for them, to development). But they do not forget the challenges specific to their own roles: while CIOs remain particularly attentive to the integration of security rules and systems into business operations, CISOs stress the need for adequate resources: skills, tools, suppliers… It is not enough for them to have their role recognised: they want the means to go with it.
How important are the following for managing security operations within the context of your digital business?
SECURITY BY DESIGN, A SCATTERED ADOPTION
Among the possible measures, Security by Design¹ appears in the Business profiles as the top solution to the security challenges of digital transformation. Solid conviction or just a fad? It is difficult to say because, in reality, very few of those surveyed have any real experience of it. Only 13% of companies have adopted Security by Design as a business principle. On the other hand, almost half have adopted it partially or specifically. The discrepancy between the stated desire and this scattered adoption betrays a certain lack of maturity on the subject with, possibly, a mismatch between the idealised vision of the managers and the pragmatism of the teams on the ground, who apply “Security by Design” without giving it a name.