EY: Missed opportunity: Cybersecurity creates business value if left to

By: Trademagazin Date: 2025. 07. 31. 11:09

Cybersecurity is bringing significant savings to companies worldwide, yet they are not involving the leaders of the field in key business decisions, according to EY’s latest international survey of 550 top managers and cybersecurity leaders (CISOs). According to the study, with the right attitude, data protection can easily become an engine of corporate growth.

According to global data, proper IT security typically results in an 11-20 percent added value in a single corporate project, which can mean a profit of up to several million dollars. While the positive business impact of digital protection activities is increasingly clear, according to EY’s analysis, the budget for the area has been spectacularly cut at the companies surveyed: it fell from 1.1% to 0.6% of annual revenue in two years.

“If we view online data security as a mandatory expense, the sole purpose of which is to reduce risks, we can easily underfund it and thus miss its potential. Yet cyber protection can also be a driving force for expansion, innovation and long-term success,” said Mihály Zala.

According to the research, only one in ten CISOs said that they are involved in the early stages of strategic decisions. However, those who are were able to create significantly more business value for their organization. Companies with more advanced digital data protection functions than their competitors not only suffer fewer security incidents, but also have a more positive impact on brand perception. These companies participate more in improving the customer experience and play a more active role in the introduction of artificial intelligence.

“Cybersecurity needs to move beyond its technological background and become the center of corporate strategy. To do this, it is worth collaborating with external consultants who are able to think not only as technology experts but also as business leaders, thereby taking into account the long-term financial interests of the company in addition to risk reduction. This way, the area can fulfill its real function and create significant value for the organization as a whole,”

emphasized Mihály Zala, head of EY’s cybersecurity business.

Currently, companies use an average of 35 different cybersecurity tools, with a significant portion of them using more than 50 applications. It is not surprising that many leaders are striving to simplify their tool park, so a fifth of respondents have carried out technological rationalization in the past two years, and four out of ten respondents are currently working on it. According to the results of the international study, AI automation reduced detection and response time by a quarter, while simplifying processes saved an average of $1.7 million annually.