Despite these differences of appreciation, cybersecurity is nonetheless perceived by all respondents as a lever for value creation. Contrary to popular belief, cybersecurity is not seen as an obstacle to the fluidity and agility of operations, but first and foremost as a means of improving operational efficiency, for example through automated controls or Single Sign-On (SSO), which both secures and simplifies access. Although the figures are relatively modest and fairly evenly spread between the different suggestions, they reflect a genuine awareness.
What is the primary area in which your organization expects IT security to deliver value?
![](https://www.devoteam.com/wp-content/uploads/2022/08/it-security.jpg)
FOCUS ON ORGANIZATIONAL MEASURES
This potential is now recognised, but it still needs to materialise. To ensure that security delivers the expected value, Business decision-makers favour the principles of Security by Design/Security by Default (56.9%) and the implementation of a formal enterprise-wide security programme (50.8%). For them, the most substantial improvements are therefore not due to a question of tools, but to organisational and managerial measures. It seems obvious to them that safety will be better taken into account and more value-creating if everyone has, early on, clear guidelines to follow.
Where can the organization gain the most value from improving security operations management within the context of digital business? (Business)
![](https://www.devoteam.com/wp-content/uploads/2022/08/most-value.jpg)
CIOs and CISOs agree with Business decision-makers on the need to set up a formal security programme – limited, for them, to development. But they do not forget about the challenges specific to their job: while the CIOs remain particularly attentive to the integration of security rules and systems into business operations, CISOs remind us of the need to have adequate resources: skills, tools, suppliers… It is not enough for them to have their role recognised: they want the means to follow.
How important are the following for managing security operations within the context of your digital business?
![](https://www.devoteam.com/wp-content/uploads/2022/08/security-operations.jpg)
SECURITY BY DESIGN, A SCATTERED ADOPTION
Among the possible measures, Security by Design1 appears in the Business profiles as the top solution to the digital transformation security challenges. Solid conviction or just a fad? It is difficult to say because, in reality, very few of those surveyed have any real experience of it. Only 13% of companies have adopted Security by Design as a business principle. On the other hand, almost half have adopted it partially or specifically. The discrepancy between the stated desire and this scattered adoption betrays a certain lack of maturity on the subject with, possibly, a mismatch between the idealised vision of the managers and the pragmatism of the teams on the ground, who apply “Security by Design” without giving it a name.
Does your organization incorporate any security by design principles in its planning and processes across the organization? (total respondents)
![](https://www.devoteam.com/wp-content/uploads/2022/08/yellow.jpg)