Why a successful career in cybersecurity requires business acumen

Estimated Read Time: 3 minutes

In today's rapidly changing and increasingly uncertain environment, there are many situations in business where conventional knowledge and methods are no longer applicable. The key to a successful career in this environment is business acumen. The world of cyber security is no exception. Business acumen includes logical thinking, the ability to identify issues, the ability to solve problems through strategic thinking, and the ability to understand the overall impact of your role and that of your team. For example, in cybersecurity, understanding how their security protocols impact their overall business is very important to their security efforts. This article explains why cybersecurity professionals need business acumen to succeed in their future careers.

Business sense is needed to prioritize work

There are a wide variety of tasks related to cybersecurity. And because all security-related tasks are important, they need to be prioritized appropriately on a case-by-case basis. Determining which elements are important now can be difficult without an understanding of the business as a whole. Leadership is also needed to actually accomplish the tasks once priorities are set.

Business acumen is needed to understand the costs involved in cybersecurity.

According to the research report "Cybersecurity Outlook for Japan and the Asia-Pacific Region," conducted by Sophos, a leader in cybersecurity solutions, in collaboration with Tech Research Asia (TRA), "Cybersecurity budgets will be less than originally required" in 2021. According to the report, "Cyber Security Outlook in Japan and the Asia-Pacific Region," conducted in collaboration with Tech Research Asia (TRA), 59% of companies answered that their cyber security budget will be less than originally required in 2021.(i)

On the other hand, the damages companies face in the event of an information security incident are enormous: according to the "2018 Survey Report on Information Security Incidents" by the NPO Japan Network Security Association, the average estimated damages per leakage incident is as much as 637.67 million yen.(ii) It is critical that those in charge have a proper understanding of the impact that security measures can have on a company's revenue and budgeting. It is also a good idea to acquire a basic knowledge of financial matters.

Business acumen is necessary for effective internal communication.

The acceleration of digital transformation (DX) and the establishment of remote work have led to rapid digitization of the workplace. Confidential corporate information is now also stored in digital format, and new methods and frequency of cyber-attacks are increasing every year. According to the Sophos and TRA report mentioned earlier, 68% of the companies surveyed said they had suffered some form of cyber attack in 2021. This is an increase of 36% from the survey two years ago.(iii)

To avoid being victimized by the increasing number of cyber attacks using various methods, internal education such as employee training and collaboration with other departments are essential. It is very important to make sure that personnel in each relevant department recognize security-related tasks as their own, but in reality, it is often the case that personnel in business and administrative departments do not recognize these security measures as their own tasks. This situation makes it difficult for security personnel to take security measures for the company as a whole in cooperation with related departments. Security personnel need to resolve issues through discussions with other departments involved, which requires good communication skills and logical thinking skills.

In addition, knowledge of overall business trends, not just those related to security, will make it easier to communicate with these departments, as they will be able to provide more persuasive explanations. For example, if you have knowledge of markets and trends, you will be able to explain how cybersecurity plays a role in assessing a company's vulnerabilities from that perspective and gain their understanding.

Business acumen is needed to develop and maintain a cybersecurity strategy.

According to Sophos and TRA's 2021 report, 54% of companies said they last reviewed their cybersecurity strategy more than 12 months ago, up only 3% from two years ago, even with the rapid growth of DX and teleworking adoption. Sixty-seven percent of companies said that keeping up-to-date with cybersecurity technology is a challenge for their organizations, and 59% of companies said that a lack of people with cybersecurity skills is a challenge for their organizations.(iv)

Clearly, the lack of cybersecurity talent and budgets continues to be a major challenge for companies. And many companies are now looking to leverage third parties and adopt technology tools such as artificial intelligence (AI) and machine learning (ML) to fill these skills shortage gaps. Developing, reviewing, and managing a cybersecurity strategy requires the ability to properly determine what to invest resources in. Therefore, a person with the business acumen to properly understand the company's business and security challenges and act to solve the problems will be invaluable to the organization.

Conclusion

In Japan, there is a shortage of cyber security specialists. Automation of tasks through technology tools and optimization of security-related processes can somewhat improve the shortage of human resources, but in order to properly implement these measures, it is important to secure skilled cyber security personnel within the company in any case. In addition, the company cannot rely on outside parties for internal training, internal awareness, and the development of the company's strategy and policies regarding cyber-attacks.

The cybersecurity market continues to grow, and the demand for specialists will continue to increase. In addition to experience and knowledge, hone your business acumen to enhance your career as a security officer.

If you are ready to take on the challenge of a cybersecurity-related career, please contact Robert Half. Our knowledgeable consultants in the technology/IT field will listen to what you want and what your ideal career is, and then recommend the best career path and workplace for you.

Sources:

(i, iii, iv) SOPHOS (n.d.). 日本およびアジア太平洋地域におけるサイバーセキュリティの展望第 2 版. Retrieved February 12, 2023, from https://assets.sophos.com/X24WTUEQ/at/f5hk3trq3fn5mqpzs4xv5sqr/sophos-future-of-cybersecurity-apj-wpja.pdf

(ii) JNSA(n.d.). 2018年情報セキュリティインシデントに関する調査結果～個人情報漏えい編(速報版. Retrieved February 12, 2023, from https://www.jnsa.org/result/incident/data/2018incident_survey_sokuhou.pdf