Analysts agree that cybersecurity is a strategic asset for every company. According to Gartner, 85% of CEOs believe the CISO-led division plays a critical role in business growth, a finding echoed by the 2025 EY Global Cybersecurity Leadership Insights. In this report, analysts estimate that cybersecurity contributes on average 11–20% of the overall value generated by major corporate initiatives.
Despite this evidence, the reality appears quite different, almost paradoxical. EY reports that cybersecurity budgets have declined over the past two years, dropping from 1.1% to 0.6% of company revenue. Additionally, more than half of CISOs say they struggle to be involved in the strategic phases of projects, where direction and alignment with business goals are defined.
How can this paradox be explained? Why is a function that enables growth, innovation, and competitiveness still treated as a cost center? And above all: how does cybersecurity concretely create value for a company, beyond risk reduction?
From Strict Management to Value Creation
For years, cybersecurity was viewed as a purely defensive function, tasked with managing exposure to cyber threats, ensuring compliance, and protecting the IT perimeter. It has always been a necessary activity, yet one perceived as incapable of generating revenue.
Internally, security leaders could be seen as potential obstacles to innovation — much like legal departments — those who said “no” to ambitious transformation initiatives to protect the company.
Growing Threats, Stricter Regulations
The growth of cyber threats and increasingly stringent regulatory frameworks have made cybersecurity leaders central within the enterprise context. However, this recognition has not automatically translated into adequate resources or a new strategic positioning. As EY highlights, security budgets are decreasing, and many CISOs still struggle to participate in decision-making at the strategic level.
The issue is even more pronounced in SMEs, where attention is focused on initiatives with direct returns, such as new products, services, and markets. Anything that generates tangible value takes priority, but in such a context, cybersecurity inevitably remains seen as a technical safeguard, not a business accelerator.
Security becomes a key requirement for every corporate initiative
Gradually, driven by pervasive digitalization and the transformation of data into the backbone of every organization, security has become an enabling condition for all corporate initiatives, rightfully entering the list of factors that drive growth.
We will explore this in more detail later. For now, consider just two examples: a mature cybersecurity posture accelerates the adoption of new technologies, enabling innovation without exposing the organization to structural vulnerabilities; in M&A, the secure integration of IT systems enables deeper operational and digital synergies, making the new entity more robust, efficient, and competitive.
In all these cases, and many others, a fundamental shift occurs: cybersecurity doesn’t just protect margins; it makes them possible.
The Value of Cybersecurity as a Growth Generator
Leaving analysts to quantify the impact, let’s explore how cybersecurity generates tangible value for organizations and becomes a strategic lever.
Impact on the launch of new products and services
Robust cybersecurity is what truly enables entry into new markets or the launch of products and services, especially digital ones. Consider an AI platform or a mobile app managing critical services: without a native security framework—including privacy, data governance, authentication, and abuse prevention—the product couldn’t even be released. As noted earlier, the value doesn’t lie in limiting damage but in accelerating time to market, facilitating user adoption, and ensuring compliance with complex regulations from the design phase. Faster time to market and stronger adoption inevitably drive higher revenues.
Security creates a competitive advantage
In highly competitive markets, positioning depends partly on the ability to integrate security into every project, product, or service. Quite simply, companies that design digital services with zero-trust principles, manage personal data transparently, and prevent threats without burdening the user experience outperform their competitors. In many cases, cybersecurity is a differentiating factor recognized by stakeholders, especially when supported by certifications, audits, and international compliance. In other words, security not only protects value; it builds and defends it in the market.
Impact on trust and customer experience
Adopting an advanced security posture means first and foremost minimizing the risk of operational disruptions: events that always affect, directly or indirectly, the customer experience. Whether it's a B2C service accessed via app or a B2B platform supporting supply chains and store replenishment, continuity is integral to perceived quality.
In digital environments, security is even more central. A mature cybersecurity posture ensures resilience, scalability, and protection against advanced threats and targeted attacks, even in distributed cloud environments. This translates into smoother, more reliable, and more consistent experiences, both during access (e.g., fast authentication, simplified onboarding) and in everyday service usage.
It facilitates innovation processes
Innovation requires controlled environments and trust in technological processes. This is why an advanced cybersecurity posture is now a real enabler of innovation, a key driver of business growth.
When the security function works seamlessly with development, operations, and business teams, it can prevent bottlenecks, enable experimentation, and protect strategic assets from the earliest stages of the innovation lifecycle. Whether it’s an AI service prototype or a digital solution exposed to external integrations, cybersecurity allows for testing, iteration, and scaling without compromising the project or the company.
Our vision: Security as a Strategic Lever for Business
At Kirey, we believe security is a function that enables business and corporate growth. For this reason, we support organizations in strengthening their security posture through focused consulting, dedicated services, and top-tier technology partnerships.
Through an integrated approach combining expertise in cybersecurity, cloud architectures, artificial intelligence, and application development, we support companies and institutions throughout their evolution—covering the entire digital transformation lifecycle, from strategy to system protection, from design to solution adoption.
If you want to learn how to transform security into a competitive advantage, contact us: our experts are ready to support you with concrete, strategic, and tailored solutions.
