Outcome-based cybersecurity paves way for organizational goals

2023-04-07 03:30

60% of survey respondents said they react to individual cybersecurity problems as they arise.

"Today, most cybersecurity investments are aimed towards the reduction of cyber risks. However, the problem arises when the risks that are being mitigated are not the ones that are most important for the outcomes the business wants to achieve. This could either result to cybersecurity investments being completely disconnected from the business or cyber security not getting the appropriate funding at all," explained WithSecure CSO Christine Bejerasco.

According to the Forrester study, outcome-based cybersecurity is an approach that enables business leaders to simplify cybersecurity by cultivating only those capabilities that measurably deliver their desired outcomes as opposed to traditional threat, activity-based, or ROI-based methods.

The most common outcomes that respondents wanted security to support included risk management, with 44% of survey respondents wanting to reduce risk to meet their top cybersecurity goals; customer experience, with 40% of respondents wanting security to improve customer experience; and revenue growth, which was highlighted by 34% of respondents.

While many respondents had clear outcomes they'd like security to help them achieve, only one in five organizations claimed to have complete alignment between cybersecurity priorities and business outcomes.

There are numerous obstacles problematizing efforts to align cybersecurity with business outcomes, including but not limited to managing a complex IT environment, handling conflicting cybersecurity and business goals, and maintaining desired results of detection technologies.

News URL

https://www.helpnetsecurity.com/2023/04/07/outcome-based-cybersecurity-approach/

#cybersecurity