Security & growth: Can we achieve the best of both worlds?
Pressure on CISOs is ever-increasing. Not only are security leaders held to an extremely high standard, being expected to prevent all cyber-attacks and fix all security issues, but they also have to work with other teams in the organization to support business strategies. Of course, the ultimate goal is to design security strategies in such a way that they support the company’s business goals. But how do you achieve that balance – and is it possible?
A disconnect between securing and leveraging data assets
Only 14% of security & risk management leaders are able to effectively secure organizational data assets while also enabling the use of data to achieve business objectives, Gartner found in a recent survey. This survey was conducted from June through August 2024 among 318 senior security leaders across organizations of different industries and sizes worldwide.
While some organizations prioritize securing their data assets and others focus on leveraging data for business growth, very few manage to do both effectively. This disconnect can expose companies to cybersecurity threats, regulatory penalties, and operational inefficiencies, ultimately impacting their competitive edge and stakeholder trust, Gartner highlighted.
Where is the balance – and who should find it?
Failing to strike the right balance between security and business growth can have far-reaching consequences. Overly rigid security measures may slow down innovation, hinder customer experience, and create frustration within different departments. On the other hand, lax security in the name of agility can open the door to breaches, financial losses, and reputational damage. The challenge for CISOs is to move beyond the historical reactive approach, and create a culture where security and business objectives are interwoven from the start. To achieve this, however, the whole team must be on board - it can’t be just the CISO that takes the lead alone.
Security as an enabler
One of the key roadblocks in achieving this balance is the perception that security is a barrier rather than an enabler. To shift this mindset, security leaders must engage with key stakeholders, including IT, legal, compliance, and product development teams. Creating a collaborative security framework allows organizations to embed security into business processes early on, reducing friction and ensuring security measures are not viewed as an afterthought.
Key actions
To address the issue of imbalance, Gartner outlined five key actions that security leaders can take to align data protection with business enablement. These include reducing governance-related friction by collaborating with end users, streamlining governance efforts with internal teams, setting clear security requirements, establishing guidelines for generative AI use, and securing executive buy-in through partnerships with data and analytics teams. By adopting these strategies, organizations can better safeguard their data while maintaining the agility needed to drive innovation and business success, Gartner concluded.
