Gartner distinguished VP analyst Gene Alvarez says the top strategic technology trends for 2025 span AI imperatives and risks, new frontiers of computing and human-machine synergy. Three of the top 10 trends are directly of interest to CISOs, namely AI governance platforms, disinformation security and postquantum cryptography.
Coming into 2025, a persistently unpredictable business environment and a rapidly evolving technology landscape offer threat actors enormous opportunities to profit while spreading distrust, misinformation and disruption.
Aaron Ooi, chief information security officer at Generali Insurance Malaysia Berhad, argues that a strong cybersecurity posture is not merely a defensive measure but a strategic enabler of long-term business success. A comprehensive approach to cybersecurity can yield significant benefits, from risk reduction to a competitive edge.
Long-term business benefits of cybersecurity
Cybersecurity is a multi-faceted practice. Its first objective is to protect an organisation's most important assets: company data, together with partner and customer information. Its second is to keep the business operating without disruption. A third, less often considered but just as important, is to protect the company's brand value and reputation, which many business leaders regard as equally valuable because it secures the company's future.
Investing in cybersecurity fundamentally reduces the risk of costly data breaches and operational disruptions. According to IBM's Cost of a Data Breach Report, the global average cost of a data breach in 2023 reached approximately US$4.45 million, underlining the financial stakes involved.
Ooi notes that a strong cybersecurity posture not only prevents revenue loss but also preserves customer trust, which is invaluable in today's market.
Companies that prioritise cybersecurity often find themselves with a competitive advantage, attracting customers and partners who value security. Furthermore, such investments enhance operational resilience, ensuring continuity in the face of cyber incidents.
"When stakeholders see real-world examples of breaches in similar industries, they begin to understand the tangible value of a solid cybersecurity framework," adds Ooi.
The role of compliance in cybersecurity investment
Cyber compliance refers to the process of ensuring that an organisation adheres to industry regulations, standards, and laws related to information security and data privacy.
Compliance with legal and regulatory frameworks such as the GDPR and CCPA, and with local legislation such as Malaysia's Cyber Security Act 2024, is essential for many organisations. Non-compliance can lead to severe financial repercussions, including fines and operational restrictions.
Ooi emphasises the necessity of presenting compliance efforts to the board not just as a legal obligation but as an integral part of managing risk and maintaining trust.
"When we demonstrate the potential costs of non-compliance—like fines and legal fees—against our investment in compliance, it becomes clear that these efforts are not just expenses, but critical investments in our future," says Ooi.
Quantifying the ROI of cybersecurity initiatives
One of the key challenges CISOs face is quantifying the return on investment (ROI) of cybersecurity initiatives. Ooi advocates a thorough cost-benefit analysis that compares the potential cost of a breach against the cost of the measures that prevent it.
For example, if a data breach could inflict RM1 million in damages while the cybersecurity solution that prevents it costs RM200,000, the ROI is evident. The comparison is only as good as the likelihood estimate behind it, so in practice the potential loss is weighted by how often such a breach is expected to occur over the solution's lifetime rather than treated as certain. Operational metrics such as mean time to detect (MTTD) and mean time to respond (MTTR) then provide tangible evidence of improvement, showing how investments in cybersecurity lead to faster detection, shorter incident response and therefore reduced downtime.
Ooi says: "By quantifying how our investments lower the organisation’s risk profile, we can clearly support our ROI claims."
Aligning cybersecurity with business objectives
Cybersecurity is not an isolated function; it is a critical enabler of broader business objectives. As organisations pursue digital transformation through technologies like cloud computing and artificial intelligence, Ooi underscores that cybersecurity must support these initiatives.
"When cybersecurity aligns with our digital transformation goals, we not only protect our data but also build customer trust, which is essential for market expansion," he explains.
This alignment supports data-driven decision-making, allowing organisations to use their data with confidence while safeguarding it against breaches.
Prevention: A tangible ROI
Investments in preventive cybersecurity measures yield substantial returns. Ooi points out that initiatives such as firewalls, endpoint protection, and anti-DDoS measures can significantly reduce downtime, thereby preserving revenue.
For instance, a major retailer could save millions by preventing a single day of disrupted sales. Additionally, effective training programs to prevent phishing can lower incident response costs, averting expensive recovery efforts.
Ooi emphasises that by addressing cybersecurity threats proactively, organisations can also avoid the financial and reputational repercussions of regulatory penalties.
Crafting a compelling cyber risk narrative
To communicate the importance of cybersecurity to stakeholders effectively, a compelling cyber risk narrative is crucial. Ooi suggests framing cybersecurity as essential to protecting an organisation's most valuable assets: its data, reputation and customer trust.
He illustrates this with a powerful example: "A single breach could cost us RM20 million in recovery and lost business. By investing RM500,000 in comprehensive security measures, we’re not just safeguarding that RM20 million; we’re positioning ourselves as a trusted, resilient organisation."
This narrative not only highlights the financial prudence of cybersecurity investment but also bridges the gap between technical and business perspectives.