Navigating the Intersection of Innovation and Cybersecurity: A Framework

Abstract

Reliance on digital technologies for innovation management is unavoidable in current contexts. While digital processes and business models have been prioritised as key factors to drive innovation and value creation within firms, cybersecurity concerns are still rife. Increased levels and severity of cybersecurity breaches (CSBs) have had adverse effects on trust, caused significant revenue losses, and inflicted reputational damage on many firms. Further exacerbating these concerns is an observation made in the Global Risks Report of 2022, the World Economic Forum: cybersecurity measures taken by businesses are becoming increasingly obsolete. Many firms face severe consequences without implementing strategic objectives to limit the threats posed by CSBs. Cybersecurity breaches (CSBs) have a significant long-term impact on firm-level innovation and investment decisions. However, many firms are reluctant to examine or enhance their existing cybersecurity practices because of concerns that they may limit their innovation ability. Determining a method to limit CSBs and retain capabilities to perform necessary innovative processes is a delicate balance, with trade-offs to be considered within each process.

This paper aims to address the delicate balance between limiting CSBs and preserving the ability to undertake necessary innovative processes. Building upon the Cyber Security Maturity and Innovation matrix introduced by Nelson and Madnick (2017), this paper expands the framework by providing specific suggestions for each quadrant. The matrix classifies firms into different quadrants based on their reliance on innovation and their assessment of cyber risk. We then detail measures to improve cybersecurity maturity for firms in each quadrant, incorporating the National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1 (CSF) as a reference. By making well-informed decisions and implementing appropriate measures, firms can effectively mitigate CSB risks while continuing to drive innovation and create value. This expanded framework serves as a valuable tool for firms seeking to align their cybersecurity practices with their innovation objectives, in accordance with the NIST CSF.