Rethinking the ROI of cybersecurity

2026-06-22 · Source: IBM Technology · Field: Business & Management — Corporate Strategy & Leadership, Operations & Process Management · Depth: Fundamental Awareness, quick

Summary

Executives frequently view increased cybersecurity spending as a significant burden, citing higher business costs, slower speed to market, stalled innovation, reliance on dated AI tools, increased red tape, and drained productivity. This perspective suggests a negative return on investment. Conversely, the evolving role of security is shifting from a purely technical function to a strategic risk management discipline. This new focus prioritizes communicating business impact and guiding key business decisions, making these aspects as critical as threat prevention itself. The discussion highlights that explicit trade-offs exist, and resource allocation should consider that business continuity and growth can sometimes outweigh strict security controls, advocating for a more integrated and strategic approach to cybersecurity investments.

Key takeaway

For CISOs or VPs of Security assessing budget allocations, recognize that your role extends beyond technical defense to strategic risk management. You must effectively communicate security's business impact to guide key decisions, demonstrating how investments support continuity and growth. Prioritize resource allocation where business objectives can sometimes outweigh strict controls, ensuring your security strategy aligns directly with broader organizational goals rather than hindering them.

Key insights

Cybersecurity's value shifts from technical defense to strategic risk management, balancing growth with controls.

Principles

• Security's role is strategic risk management.
• Business continuity can outweigh strict controls.
• Communicate security's business impact.

In practice

• Prioritize security investments by business impact.
• Evaluate trade-offs between security and growth.
• Align security with strategic business goals.

Topics

• Cybersecurity ROI
• Security Strategy
• Risk Management
• Business Continuity
• Resource Allocation

Best for: CTO, Director of AI/ML, Executive, VP of Engineering/Data, Consultant

Related on AIssential

• 📈 Data to start your week — AI's rapid advancement impacts market share, cybersecurity, and corporate financial performance.
• From Risk to Asset: Designing a Practical Data Strategy That Actually Works — Effective data strategy links organizational vision to daily implementation, ensuring data becomes an asset, not a risk.
• A Lawyer’s Take On Why AI Investments Keep Disappointing — AI investment failures stem from poor organizational management and strategy, not inherent technology limitations.
• BCG X: It is about the people, going big, and capturing the value with a tailored solution — Successful enterprise AI projects prioritize people and data over algorithms, focusing on large-scale value.
• Weekly Review 2 January 2026 — AI's impact spans technical capabilities, organizational integration, economic value, and profound societal and ethical challenges.
• How CISOs Can Thrive Amidst Geopolitical And Economic Uncertainty — CISOs must optimize security spending, lead organizational change, and bolster enterprise risk management to thrive amidst volatility.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.