Cybersecurity: From an afterthought to a strategic asset

Many industries have long treated cybersecurity as an afterthought – even tech-native sectors like SaaS. It’s a challenge that cybersecurity practitioners have been managing for years; organisations invest in developing every other operational function, but pin cybersecurity on at the end instead of building it into their organisational architecture. 

Now, however, this is changing. Increasingly, organisations are viewing cybersecurity as a core strategic asset, and this is driving a shift in the way investors think about cybersecurity too. 

More organisations see cybersecurity as a strategic priority  

The 2024 State of Cybersecurity Report by Ivanti surveyed more than 7,000 leadership executives, cybersecurity professionals, and office workers, with findings including: 

• 73% of leadership-level executives and IT or security professionals reported that security budgets are increasing.
• 87% said that their organisation’s 2024 cybersecurity budget was adequate to meet their goals, and it’s being invested across a range of areas; including cloud and data security, but also identity threat detection and generative AI.
• 91% said that cybersecurity is now viewed as a core strategic asset in their organisation.
• 57% said they’re more prepared to defend against breaches and attacks than they were one year ago.

Overall, the data suggests that cybersecurity is now seen as a top organisational priority in a growing number of organisations, at board level as well as C-suite level. 

Is there growing support for cybersecurity strategy at board level? 

In Ivanti’s research, 80% of respondents said their boards include someone with security expertise – and 86% said it’s a ‘topic of discussion’ at board level.

This highlights a broader cultural shift around cybersecurity awareness and understanding: more organisations are recognising that instead of being just a technology issue, cybersecurity represents a critical business issue – as threats have the potential to disrupt or devastate business outcomes. 

It’s this change in understanding that’s driving the repositioning of cybersecurity as a strategic priority, and pushing C-suite leaders and board members to include cybersecurity in their considerations for a much wider range of strategic decisions. They’re thinking about security when they retool their supply chains, do due diligence on new acquisitions, or decide whether to enter a new market.

That’s great. But it’s important to note that when Ivanti dug deeper, they found that less than half of respondents said their business leaders have an advanced understanding of cybersecurity concepts such as vulnerability management (45%) and zero trust (44%); and at the lower end of the scale, among organisations with less developed cybersecurity programs, only 24-26% reported that leaders understood these concepts. 

Increase cybersecurity awareness in leadership roles to drive strategic excellence 

Overall, this research is very positive. It shows that organisations are placing real value on the role of cybersecurity programs and professionals, and integrating cybersecurity into key strategic conversations. 

There’s a clear need for greater understanding of cybersecurity at board level so those conversations can become more efficient, and drive better outcomes. Cybersecurity awareness programs going forward should not neglect board-level members of an organisation; board-specific programs, designed in a way that increases engagement and information retention, could help to close that knowledge gap. 

As organisations continue to recognise the critical importance of cybersecurity for their strategic future, investors can also turn their attention to cybersecurity products, services and companies with more confidence. When cybersecurity isn’t a technological layer on top of a business, but instead an integrated and essential layer with that business, it’s clear that organisations will continue to include security tooling and services in their budgets. 

Join us at Black Hat MEA 2025 to share your perspective and meet potential partners – and shape the future together.