MyPR

Cyber Security measures in a company pave the way to Productivity & increased Valuation. It is easy to imagine that if a knowledge worker has to reinstall and regenerate the same codes over and over again just because the security team could not secure the servers; it is going to be a never-ending process. A lot of wealth will go away this way.

Cybersecurity and Productivity: Insights from Industry Professionals

“Based on the findings of the Data Security Council of India (DSCI) and various industry reports, cyber breaches in India carry substantial financial implications, with an average cost of INR 630 crore (approximately US$85 million) per breach, notably higher than the global average. On average, it takes around 300 days to detect and contain these breaches, leading to prolonged disruptions and heightened financial burdens. Compromised credentials emerge as the primary culprit, taking an average of 350 days to identify, incurring costs significantly higher than the standard breach, with an impact amounting to INR 12 crore (approximately US$1.6 million) more than the average breach.

The Impact of Cybersecurity Measures on Government Funds

Compromised credentials serve as a gateway for threat actors to infiltrate organizational networks. Once inside, they often deploy ransomware, malicious software designed to encrypt files or block access to systems, demanding a ransom for decryption. Ransomware attacks pose a critical menace, causing severe disruptions and potential harm to vital sectors like finance and healthcare. These disruptions translate into massive financial losses. In 2022, ransomware incidents soared by 45% in India compared to the previous year, taking an additional 50 days, on average, to detect and mitigate. The average cost incurred due to a ransomware attack reached INR 330 crore (approximately US$44 million).

Stout’s Investigation: Cybersecurity Culture and Productivity

Responding to this critical situation, the Indian government has taken proactive measures, emphasizing software security through initiatives like the National Cyber Security Policy, introduced on 15th February 2022. This policy mandates multiple agencies to fortify cybersecurity measures and secure the software supply chain. Furthermore, there are ongoing discussions within the policy framework to address software liabilities, aiming to hold accountable entities failing to uphold necessary cybersecurity measures. These policies underscore the importance of ensuring software companies fulfill their responsibility to safeguard consumers, businesses, and critical infrastructure providers.”

Operations Science Perspective: Balancing Work in Process (WIP) and Rework

The nexus between cybersecurity and productivity remains a topic sparsely explored in existing literature, particularly regarding its direct impact on organizational efficiency. Bromium, Inc., delved into this relationship in 2017, surveying 175 IT security professionals at the Infosecurity Europe conference. The study unearthed intriguing insights: 94% of respondents observed that users prioritize task completion over security concerns, and 64% admitted to adjusting security measures to enhance flexibility, complying with organizational directives. An alarming 40% confessed to temporarily disabling security protocols to accommodate other departmental requests, signifying a clash between productivity and security priorities. Such findings underscored a prevalent challenge where IT security teams face overruling, potentially unbeknownst to executive leadership.

Integration of Security in Software Development: Sonatype 2020 Report

An earlier study by Citrix Systems in 2010 scrutinized cybersecurity measures’ impact on U.S. government managers. It revealed that 84% of executives experienced reduced productivity due to these measures, citing limitations in accessing job-related information and applications, decreased mobility, and extended response times. This highlighted the delicate balance required between security and productivity, advocating for modified cybersecurity policies to harmonize these conflicting demands.

The DevSecOps Market and Its Growth Trajectory

Stout’s dissertation explored cybersecurity culture’s link to productivity, examining data from a government agency and a consulting firm. Findings showcased varying degrees of hindrance caused by security measures: 60% reported rare hindrance, 21% occasional, 15% frequent, and a mere 1% consistent hindrance, shedding light on the nuanced impact on productivity.

Navigating the Relationship between Cybersecurity & Productivity

Conversely, examining operations science reveals a critical perspective. While optimal Work in Process (WIP) levels enhance task completion, introducing rework due to security breaches disrupts processes, diverts resources, and prolongs completion times. The aftermath of the 2021 Colonial Pipeline hack exemplifies how unplanned and urgent rework impairs on-time performance and task completion.

Integrating security into software development emerges as a pivotal solution. The Sonatype 2020 report outlined the relationship between security practices and outcomes across industries, illustrating how high-performing teams excelled in both risk management and productivity. DevSecOps, integrating security into the development lifecycle, leads to fewer breaches, shorter remediation times, and ultimately higher productivity.

The DevSecOps market’s exponential growth, reaching US$4,373 million in 2022, signifies industries’ recognition of its value in bolstering security and productivity. As global regulations reshape software development, organizations must harmonize cybersecurity and productivity, simplifying security practices, automating backups, and ensuring ongoing training. By embracing these principles, businesses can navigate this intricate relationship, fostering a secure and efficient software environment. Risk Mitigation and productivity are two sides of the same coin called “value of the company”.