Radware: Data Breaches Go from Cost Problem to Part of Business Strategy

As the average cyberattack cost rockets to $4.6 million this year, according to a new Radware survey, and data breaches now number in the millions according to Statista, the C-suite’s perspective on cybersecurity investment is shifting from budget drain to business enabler.

“CEOs are spending more than half (59%) of their time discussing information security,” according to the Radware survey, and 72% of respondents said that “every board of directors meeting now includes information security as an agenda item.”

But that increase in attention is no longer solely a fear response; rather, it’s a newfound focus on incorporating security as a vital part of the overall business strategy.

Indeed, an overwhelming 98% of the 263 executives surveyed – each holding the title of senior vice president level or higher and hailing from companies around the world with at least 250 million USD/EUR/GBP/RMB in revenue – claimed at least some management responsibility for cybersecurity.

Radware’s Anna Convery-Pelletier

“While responsibility for cybersecurity continues to be spearheaded by the CIO and CISO, it is also being shared throughout the entire C-suite. Security issues now influence brand reputation, brand trust and consumer trust, which force organizations to make a fundamental shift in thinking about the role of security in customer experience, marketing and business operations,” said Anna Convery-Pelletier, chief marketing officer at Radware.

But that’s not to say that a marked increase in executive buyin equates to better protection — at least not yet. A majority (70%) of North America and Europe-based senior executives surveyed said their company experienced a cyberattack in the previous year. Even more (75%) in EMEA say their networks are susceptible to cyberattacks. Clearly, the C-suite and IT have a lot of work ahead.

The survey shed some light on other issues as well. Cloud security remains a top concern. Nearly three-quarters (73%) of responding executives reported unauthorized access to their public cloud assets. The second most surprising finding was how little privacy protections seem to translate into data security. One-half (52%) of Europe-based executives incurred a self-reported incident under GDPR in the past year. Indeed, 74% of European executives reported a higher rate of data breaches than their American (53%) and APAC (44%) counterparts despite the formidable and far-reaching GDPR protective mandate.

Further, the cost of data breaches is expanding to include customer retention and acquisition costs. The average customer churn after a data breach is 30%, and survey respondents estimate an average cost of $100,000 to win back each lost customer.

So where does the C-suite like to invest in security? Most (81%) said their increase in security spend is shifting to machine learning and AI as intent swells to automate more security functions and processes. AI security investments per region vary little: Americas 49%, EMEA 30%, and APAC 31%.

They’re eyeing solutions for bots too, given the growing bottom-line impacts. More than one-half (53%) say they have reduced website revenue due to inventory holdups by bots. Just about as many (51%) report bots skewing marketing analytics. More than one-third (36%) worry about abuse of user accounts or payment information.

Combined, the responses to this survey appear to point toward MSSPs needing to adjust their sales pitches. Refining the pitch to reflect specific feature impacts on the list of concerns and goals is a good start. Watching for changes in product and services evaluation processes and purchasing authority is also critical. Purchasing-decision processes may be in flux as the C-suite takes a greater interest in investment specifics.