Delivering innovations and ensuring the organization stays safe are two of the biggest priorities for the modern company. Unfortunately, many see these two priorities as being at odds, with the ever-increasing number of cybersecurity requirements and regulations seeming to slow down and stifle work and innovation at every turn. But does that have to be the case?

Below are some thoughts and suggestions on balancing risk-taking with risk management and why maximizing cybersecurity can help rather than hinder your larger mission.

Embrace the Cloud While Keeping Security Top of Mind

Indiana University of Pennsylvania (IUP) answered the recent rising demand for distanced learning by leaning heavily into cloud technology. What CIO Bill Balint and his team found was, rather than representing a risk, their investment in the cloud served a dual purpose. The cloud improves the accessibility of learning materials and “client” — students in this case — services, but it doesn’t have to leave organizations vulnerable.

As the digital footprint of IUP’s digital services expanded, the university became better able to serve a more widely geographically dispersed customer base faster, using a more robust set of online portals, learning programs and self-service tools.

Data gathering was never an issue, but the technology used to house it was neither secure nor accessible enough to deliver the value IUP and its students desired. One of the distinctions Balint’s team had to make was between information that’s essential for the user and information that’s essential to system administrators.

To that end, the National Cyber Security Centre in the U.K. and similar oversight groups publish resources on data bifurcation and other practices. Choosing cloud products with adequate access-control measures and using always-on data encryption are two ways to enforce this separation.

Many company decision-makers pursue cloud computing as part of their growth strategies. When people can access data in the cloud, they can work from anywhere and stay productive.

Research Shows the Link Between Cybersecurity and Business Success

Whether cloud computing in particular plays a significant role in your plans, prioritizing cybersecurity can make your company stronger and more successful. Those advantages allow more freedom for innovation.

A 2023 Accenture report about cybersecurity resilience polled security and business executives worldwide. It found that matching cybersecurity programs to the company’s objectives caused a 26% reduction in the costs of data breaches or other incidents.

Such businesses are also 18% more likely to achieve their market share and revenue growth goals. Having a profitable company also increases the chances of people feeling encouraged to discover new ways to innovate throughout the business.

Honor Regulatory Requirements Without Slowing Down

Regulatory compliance is another factor CIOs and other decision-makers sometimes see as a stumbling block rather than an opportunity. The educational world is held accountable to the Family Educational Rights and Privacy Act (FERPA). This law has been on the books since 1974, but institutions must continually reevaluate its content through the lens of new technologies.

If a company or working group needs to quickly scale up its operations — to support mobile and remote teams or to bring on geographically dispersed clients — it can go in several different directions to do so.

Like the IUP team, IT experts working for the government of Colorado realized they wouldn’t be able to provide modern services, access and adequate cybersecurity with their current technologies and portals. In a bold move to combine cybersecurity and convenience on the ground floor, the state launched its Colorado Digital ID program in 2019 to make interacting with government services more accessible and faster.

This is an example of an organization realizing building something new with cybersecurity at its core is frequently the more cost-conscious move, compared to trying to adapt existing digital infrastructure to new cybersecurity standards.

Other organizations demonstrate best practices through their failures, such as when the SEC levied a $2 billion fine against the world’s biggest banks in 2022. The major issue was the unsanctioned use of WhatsApp among bank employees to discuss sensitive financial matters.

On one hand, you can look at this as a rebuke of WhatsApp and similar technologies, but you’d be handicapping yourself. On the other hand, you can witness Wall Street’s failure to protect itself and research what it takes to secure WhatsApp or similar platforms properly. One doesn’t have to scrap modern convenience entirely, but using tools without understanding how to protect them could result in huge setbacks.

In a 10-day study of workplace behaviors, researchers discovered 67% of team members breached cybersecurity protocols at least once in the name of expediency or even to “help others get their work done.” It’s tempting to think of cybersecurity as an impediment, but that thinking only makes you even more unsafe.

One answer to this challenge is understanding how team members use or wish to use digital tools at work and creating a clear set of standards for doing so. This is a matter of organizational culture. Other methods include restricting the usage of personal devices if you can’t limit digital connectivity tools themselves and turning to a recommended vulnerability management tool for automated security checks and compliance assistance.

Explore New Methods of Cybersecurity Training

Many cybersecurity experts say an organization’s employees are some of its weakest links. That doesn’t necessarily mean the workers will act maliciously to cause insider cyberattacks. However, it’s more common than people think for employees to make errors that compromise cybersecurity and have other undesirable consequences.

A 2022 study revealed that 36% of employees had made workplace mistakes that negatively impacted cybersecurity. Another finding was that 40% of respondents had emailed the wrong recipients. In 29% of those cases, their companies lost customers because of the errors.

A robust and regularly updated cybersecurity training program could reduce those mishaps that might harm a company’s reputation and restrict its growth potential. However, the training material’s content, format and delivery method must seem relevant to workers.

Some innovation-first companies have experimented with high-tech training methods to keep workforces better informed about the newest online threats and appropriate preventive measures. Consider some of the findings from a 2023 survey about how cybersecurity training has changed. For example, 60% of companies use realistic simulations to teach employees. Only 36% did in 2020, indicating rapid adoption.

Classes that occurred in-person fell by 50%, particularly as more companies moved to cloud-based training. Another interesting statistic from the study was that companies spend an average of $3.5 million on cybersecurity training programs, a major increase over 2020 numbers.

The researchers also examined what made training programs particularly effective and have higher returns on investment. Role-specific content and realistic simulations were valuable, along with broad adoption. Many companies are now reporting results to the C-suite, making it particularly important to choose measurements to gauge effectiveness.

Why Innovation and Security Go Hand in Hand

Upholding rigorous, industry-leading cybersecurity could be a golden brand-building initiative. Who wouldn’t want to attend a university or work for a health system without any data breaches yet? Promoting excellent cybersecurity standards can go a long way in fostering innovations and a healthy business.