CYBERNOMICS UNLEASHED: GENUINELY PROVING THE VALUE OF A CYBER PROGRAMME

Fear-based cyber security pitches will get you to ‘yes’ this time, maybe next time too, but not every time. Gone are the days when arguments focused solely on what might happen if you do not spend enough on cyber security will get your budget approved and lock down quasi-permanent increments. The context has changed. Cyber security leaders of today need to introduce ‘cybernomics’ to their narrative: they need to know how to measure, explain and optimise the business value that is generated or unlocked by cyber programmes. When it comes to making a business case for your cyber programme, it is no longer enough to show what catastrophes you may avoid by spending. It is time to show how to do more with less. It is time to position security as the strategic accelerator.

IBM’s 2024 Cybersecurity Intelligence Index found that two out of three business leaders now see cyber security as a revenue enabler, and mature cyber security programmes saw 43 percent higher five-year revenue growth. To start positioning security as a genuine part of a company’s growth engine, it is necessary to build your narrative around three critical pillars: protecting revenues and operations, efficiency, and differentiation.

Protecting revenues and operations: a financial shield

The most measurable element of cyber security value is how much revenue you protect. In fact, that is where you start. It is much easier to do economic justification starting with what you could lose, rather than with what you need to spend to avert that loss.

Oct-Dec 2025 Issue

General Bank of Canada

Join our free mailing list to read the full article