Why cybersecurity is a hidden driver of innovation in tech

New product launches, AI-powered services, scaling operations – all these things catch the headlines. But beneath them sits a hidden layer that’s far too often underestimated: cybersecurity. Without it, bold innovation is brittle. 

In an interview with our colleagues at Black Hat MEA, Bernard Assaf (CISO at Airbus) put the challenge like this:

“Striking this balance requires moving from restrictive gatekeeping to an enabling, risk-based framework.” When done right, security doesn’t have to slow you down. It actually lets you move with confidence.

The 2025 EY Global Cybersecurity Leadership Insights Study makes the same point, but with hard numbers. It found that when cybersecurity teams are involved early in enterprise-wide initiatives, they contribute a median of USD $36 million in value per project. That figure shifts by company size – smaller organisations still see around $11m, while the very largest (with revenues above $20B) report significantly higher values. 

Cybersecurity hasn’t always had a particularly exciting reputation. But today, it enables growth, innovation, and acts as a competitive advantage. 

Turning organisations into secure creators 

EY makes a useful distinction between organisations it calls ‘Secure Creators’, and their less proactive counterparts, ‘Prone Enterprises’. The Secure Creators are the ones where cybersecurity leaders are not just responders but co-architects of transformation. They’re nearly 20% more likely to help business functions adopt AI (48% compared with 31%)  and they report a stronger positive impact on brand perception and customer experience. 

When we spoke to Oscar Barranco Liébana (Integrated Operations Platform Director, FIFA World Cup Qatar 2022), he touched on this very interplay between technology, people, and scale. For him, innovation that lasts comes from orchestrating many perspectives:

“The optimisation of global collective intelligence, human-AI collaboration and effective structured stakeholders’ interaction produces high quality innovation.”

The Secure Creator mindset makes sure cybersecurity doesn’t sit on the sidelines of that orchestration. It’s a conductor, instead of just a safety officer.

Security should be embedded in tech and leadership 

In another conversation with the team at Black Hat MEA, Daniel Bowden (CISO at Marsh McLennan) captured the leadership stance behind this shift: “Adaptability beats orthodoxy every time.” He was talking about navigating the challenges that come with pivoting from one industry to another – but the same principle applies if we want security to enable innovation. 

Adaptability means security leaders show up in product meetings and transformation discussions not to block ideas, but to guide them, and to problem-solve with dev teams. It’s why Assaf champions a ‘Shift Left’ approach: building security into development pipelines with automated guardrails so that engineers can ship faster without creating expensive rework later. And when people understand the why behind the guardrails (through strong communication and storytelling), they use them more effectively.

But the EY study shows just how rare this is. Only 13% of CISOs reported being consulted early in strategic decisions – but when they are, the value they create is significantly higher. That means too many businesses are leaving growth on the table by treating cybersecurity as an afterthought.

Efficiency and the new ROI 

When it’s embedded early, cybersecurity both creates value and delivers efficiency. EY’s study highlights annual savings of a median $1.7 million from simplification and automation. Organisations that go further with automation also reduce their security incident detection and response times by an average of 28%. 

Apart from being security wins, those faster response times mean less disruption for customers, smoother scaling for operations, and more resources freed up to reinvest in the next wave of innovation.

So robust security multiplies innovation. It makes your ecosystem partners more willing to plug in. It gives your regulators more confidence in your approach. And it means your customers are more likely to trust the services you ship.

Seeing cybersecurity as a strategy (not just a safety net)

For tech industry people who aren’t in the business of security, all of this can be a bit overwhelming. Knowing where to start feels complicated – but it doesn’t have to be. 

For Bowden, the answer is adaptability. For Assaf, it’s embedding guardrails earlier and telling better stories. For Barranco Liébana, it’s orchestrating collaboration between humans and machines. And for EY’s researchers, it’s recognising that cybersecurity isn’t just a cost centre but a strategic asset that, when engaged early, adds millions in measurable value.

So bring in the professionals and partners you need to make sure you can embed early, be adaptable, and make cybersecurity a strategic asset for your organisation. Cybersecurity lets you climb higher, faster, and safer; so make it a priority.