In a lively discussion moderated by Sekuro Chief Financial Officer Trent Jerome, experts argued both sides of two statements:
‘Cyber security is merely a cost centre and not a business enabler; companies should prioritise innovation over security; there’s no clear ROI for cyber investments’, and
‘By 2030, cyber attacks will be the greatest threat to public safety as growing reliance on digital infrastructure exposes critical services like healthcare and utilities to severe vulnerabilities’.
Debating these topics were:
![Akash Mittal | Sekuro](https://sekuro.io/wp-content/uploads/2024/08/Akash.png)
Akash Mittal
CISO, Sumitomo Forestry Australia
![Jack Cross | Sekuro](https://sekuro.io/wp-content/uploads/2024/08/Jack-Cross.png)
Jack Cross
CISO, QUT
![Nadene Serman | Sekuro](https://sekuro.io/wp-content/uploads/2024/08/Nadene-Serman.png)
Nadene Serman
Global CTO, Infotrack
![Peter Ngo | Sekuro](https://sekuro.io/wp-content/uploads/2024/08/Peter-Ngo.png)
Peter Ngo
Product Line Manager, Global Certifications, Palo Alto Networks
Read on to see the points made by these astute panellists.
Debate Topic #1
‘Cyber security is merely a cost centre and not a business enabler; companies should prioritise innovation over security; there’s no clear ROI for cyber investments’
Before kicking off the debate, Trent acknowledged that cyber security is seen as a necessary evil, and to him, a budget is balanced well when the amount spent on cyber security helps one sleep at night.
Here are the points made by the panellists:
'Cyber security is merely a cost centre and not a business enabler'
For
Against
Cyber security is a protective measure, not a business enabler.
In today’s digital age, data is one of the most valuable assets that a company owns. The cost of a data breach far outweighs the cost of proactive cyber security measures. Hence, cyber security is an investment in risk management, protecting the business against catastrophic losses that could set innovation back many years.
While cyber security can be compared to the brakes of a car enabling you to go faster, nobody really buys a car for the brakes. Nobody really measures the intangible benefits of cyber security. It’s just a protective measure to help manage risk.
Being cyber certified (achieving ISO and other industry accreditations) often expedites the sales cycle for companies as it gives them a competitive advantage in qualifying them for more industry opportunities. This increases the profitability potential. Being cyber secure also mitigates the risks of being breached. So in terms of cost avoidance, investing in cyber security capabilities has a direct positive return.
For
Cyber security is a protective measure, not a business enabler.
While cyber security can be compared to the brakes of a car enabling you to go faster, nobody really buys a car for the brakes. Nobody really measures the intangible benefits of cyber security. It’s just a protective measure to help manage risk.
Against
In today’s digital age, data is one of the most valuable assets that a company owns. The cost of a data breach far outweighs the cost of proactive cyber security measures. Hence, cyber security is an investment in risk management, protecting the business against catastrophic losses that could set innovation back many years.
Being cyber certified (achieving ISO and other industry accreditations) often expedites the sales cycle for companies as it gives them a competitive advantage in qualifying them for more industry opportunities. This increases the profitability potential. Being cyber secure also mitigates the risks of being breached – which, according to IBM’s 2024 report, costs on average UDS 4.88m per incident. So in terms of cost avoidance, investing in cyber security capabilities has a direct positive return.
'Companies should prioritise innovation over security'
For
Against
Cyber security spending this year was 184 billion, a fraction of the 1.7 trillion dollars spent on global R&D investment.
Security builds trust, and customers are more likely to engage with a business if they know their data is safe.
Consumers buy a product or service because it is innovative, not because it has the best cyber security.
Trust also creates and fosters innovation as businesses are more likely to venture into new technologies and markets if they are not fearful of cyber attack.
Trust and safety should be fundamental expectations. We fail as a community if people choose a product/service to consume or engage with due to how safe they are.
For
Cyber security spending this year was 184 billion, a fraction of the 1.7 trillion dollars spent on global R&D investment.
Consumers buy a product or service because it is innovative, not because it has the best cyber security.
Trust and safety should be fundamental expectations. We fail as a community if people choose a product/service to consume or engage with due to how safe they are.
Against
Security builds trust, and customers are more likely to engage with a business if they know their data is safe.
Trust also creates and fosters innovation as businesses are more likely to venture into new technologies and markets if they are not fearful of cyber attack.
'There's no clear ROI for cyber investments'
For
Against
Spending for compliance reasons should not be seen as growth initiatives, but reaction to regulatory pressure (for example Microsoft’s initiative about improving security across their stack).
Investment in cyber security is also an issue of compliance, and non-compliance is quantifiable in the form of regulatory fines.
Stocks of businesses that experience cyber incidents are not being punished by the stock market as the public does not remember or care.
IBM’s breach report indicates the cost of a data breach to be at least 4.8 million per incident. Thus cyber security gives a return on investment via cost avoidance, as opposed to a cost centre.
For
Spending for compliance reasons should not be seen as growth initiatives, but reaction to regulatory pressure (for example Microsoft’s initiative about improving security across their stack).
Stocks of businesses that experience cyber incidents are not being punished by the stock market as the public does not remember or care.
Against
Investment in cyber security is also an issue of compliance, and non-compliance is quantifiable in the form of regulatory fines.
IBM’s breach report indicates the cost of a data breach to be at least 4.8 million per incident. Thus cyber security gives a return on investment via cost avoidance, as opposed to a cost centre.
![The Great Debate | Sekurokon](https://sekuro.io/wp-content/uploads/2024/11/Sekurokon2025-236-768x512.jpg)
Debate Topic #2
‘By 2030, cyber attacks will be the greatest threat to public safety as growing reliance on digital infrastructure exposes critical services like healthcare and utilities to severe vulnerabilities’
Trent mused about how unpredictable the actual impact of tech innovation on society can be, recalling how his own university lecturer was convinced that accountants would be made redundant by technology – a prediction that continues to be wrong thirty years later.
Here are the points arguing in favour of and against this thought exercise:
For
Against
Technology tends to be overestimated in the initial stages, but underestimated over its lifetime. In the case of AI, it was first predicted to solve the world, but it doesn’t. It does however start to permeate every aspect of life.
Cyber attacks are a threat, but so are other concerns that demand equal attention, from climate change, to geopolitical instability, and even biological pandemics.
As AI becomes more intrinsic to our way of life, the risks of cyber attacks also increase and become a crucial part of all other threats, including natural disasters and conflicts.
Meanwhile, as cyber threats continue to rise, cyber security measures are improving alongside.
Three of the top four risks highlighted by the World Economic Forum Global Risk Report are concerning public safety risk related to cyber security issues, one being misinformation and disinformation.
Information security threats exist, but would not be even in the top three of global threats. Physical security threats are limited geographically; digital connections can be severed very quickly, so threat information can be taken down.
The increasing use of Internet of Things in digital infrastructure and manufacturing within public services also compounds the consequences of disruption by cyber attack, especially if essential services are affected.
Redundancies are also built in to help manage threats.
Unlike natural disasters, which are geographically contained, cyber attacks can go beyond the boundaries of nations.
Meanwhile, other threats like climate change continue to be more pressing.
For
Technology tends to be overestimated in the initial stages, but underestimated over its lifetime. In the case of AI, it was first predicted to solve the world, but it doesn’t. It does however start to permeate every aspect of life.
As AI becomes more intrinsic to our way of life, the risks of cyber attacks also increase and become a crucial part of all other threats, including natural disasters and conflicts.
Three of the top four risks highlighted by the World Economic Forum Global Risk Report are concerning public safety risk related to cyber security issues, one being misinformation and disinformation.
The increasing use of Internet of Things in digital infrastructure and manufacturing within public services also compounds the consequences of disruption by cyber attack, especially if essential services are affected.
Unlike natural disasters, which are geographically contained, cyber attacks can go beyond the boundaries of nations.
Against
Cyber attacks are a threat, but so are other concerns that demand equal attention, from climate change, to geopolitical instability, and even biological pandemics.
Meanwhile, as cyber threats continue to rise, cyber security measures are improving alongside.
Information security threats exist, but would not be even in the top three of global threats. Physical security threats are limited geographically; digital connections can be severed very quickly, so threat information can be taken down.
Redundancies are also built in to help manage threats.
Meanwhile, other threats like climate change continue to be more pressing.
Both teams brought their A-game with persuasive, thought-provoking arguments. In the end, the “Against” panel earned the audience’s vote, concluding the debate on a lively and positive note.
![The Great Debate | Sekurokon](https://sekuro.io/wp-content/uploads/2024/11/Sekurokon2025-288-768x512.jpg)
Watch the full debate below and stay tuned for more excerpts from Sekurokon 2024.