Cybersecurity often out of sync with business goals

Aligning cybersecurity with business outcomes is a challenge facing nearly all businesses, according to a study published by WithSecure.

Helsinki, Finland – August 28, 2023: 97% of respondents’ organizations face challenges in trying to align cybersecurity priorities with business outcomes, according to a commissioned study conducted by Forrester Consulting on behalf of WithSecure™ (formerly known as F-Secure Business).

According to the study’s spotlight, the challenges fall into three categories: conflicting goals, complexity of environment, and privacy requirements.

Notably, conflicting goals was among top challenges identified by respondents from several verticals, including the public sector and healthcare (38%), utilities and telecommunications (38%), retail and wholesale (43%), media, entertainment, and leisure (47%), and financial services and insurance (47%).

Only respondents from manufacturing, and business services and construction, did not identify conflicting goals as one of their top three challenges.

WithSecure™ Chief Information Security Officer Christine Bejerasco, who has given talks on how organizations can address such challenges, said that it requires cybersecurity professionals to develop a different strategic approach to how they think about their jobs.

“It can be difficult for security practitioners to see their work in relation to a business’ purpose or objectives, but that’s really how many boards or executives view security work. However, the transition to outcome-based security doesn’t necessarily involve abandoning traditional metrics. It means explicitly recognizing the value of those metrics in relation to how they benefit the organization and its objectives,” she said.

93% of survey respondents said their organizations struggle with measuring their cybersecurity performance in relation to business outcomes, making this a genuine pain point.

Security Outcome Canvas

According to the study, 99% of survey respondents’ organizations are looking at outcome-based security. 83% said they were interested in, planning to adopt, or expanding adoption of outcome-based cybersecurity solutions and services to achieve business outcomes.

In order to help these organizations, WithSecure™ published a Security Outcome Canvas designed by Bejerasco that maps out connections between security and business outcomes, which is available at https://www.withsecure.com/en/security-outcomes/security-outcomes-canvas.

The July 2023 Forrester Consulting spotlight, Amplify Resilience, Productivity, And Competitiveness With Cybersecurity: A Spotlight On Industry, is available at https://www.withsecure.com/en/security-outcomes/make-cyber-security-outcomes-work-for-you.

About WithSecure™
WithSecure™, formerly F-Secure Business, is cyber security's reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world's most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we've built our portfolio to grow with our partners through flexible commercial models.

WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.

WithSecure™ media relations
Adam Pilkey
+358406378859