Security leaders have long heard from pundits and their own executives that they've got to stop infosec organizations from being the departments of 'No' if they want to maintain relevance in today's innovation economy. However, many of the business arguments for rapid adoption of game-changing technology and methods have been made with too many platitudes and vague assertions and not enough statistical evidence. The fast and loose nature of some claims have given risk-averse CISOs enough ammunition to wantonly act as organizational speedbumps in the path of innovation.

But a pair of studies out this week offer up some real numbers and empirical backing to the reasons why CISOs with a stubborn streak need to rethink how they're helping their organizations manage risk. The numbers offered by these reports provide more proof than just gut feelings pointing to how innovation drives top-line revenue growth, bottom line efficiency, retention of key employees and everything in between -- and they're worth a look by all lsecurity pros who default to 'no.'

First up was a study by Adobe that offers some long-awaited statistical evidence for claims that technology afforded by BYOD, pro-sumer SaaS services and the like can impact employee satisfaction and retention efforts. Called "Work In Progress," the survey polled over 1,000 U.S. workers to examine attitudes about working conditions and technology that impact career decisions. Most relevant to this discussion is the finding that 81% of those questioned say state-of-the-art technology is important at work, outranking food and beverage, office design and on-site amenities. In other words, forget the free candy wall -- these workers want their tablets loaded and ready to use the apps they need to get through the day as efficiently as possible.

According to 85% of those polled, technology makes them more productive; employees who say that their company is "ahead of the curve" love their work twice as much and feel about twice as creative, motivated and valued compared to those who rate their companies as being "behind the times." The problem is that only one in four U.S. workers think that their company is ahead of the curve. And while the study didn't look for the link you can bet that for at least a plurality of those behind-the-times security issues have something to do with the lag.

Meanwhile, at the same time as this study was released, another one from Cisco took a look at the money left on the table when organizations in the financial market fail to quickly adopt disruptive technology. The study calculated the digital Value at Stake (VaS) for retail banks from 2015 to 2017, potentially available to capture through investments in disruptive technology like analytics, mobility, video and virtualized delivery models.  

According to Cisco, that number is a whopping $405.3 billion. Unfortunately, last year only about 29% of that opportunity was captured.

“Too many banks are moving slowly or not at all. By waiting to digitize their businesses, or by delaying new technology initiatives, banks risk not only missing out on the potential dollar VaS but are actually at risk for being put out of business altogether," says Jason Bettinger, director of financial services for Cisco’s business transformation group.

A big part of that slowdown can be laid at the feet of cybersecurity programs unable to move quickly. Cited in this week's report is a study of over 1,000 senior finance and line of business executives, 71% of whom said that cybersecurity risks and threats hinder digital innovation at their organizations. Six in ten said their organizations are reluctant to innovate in areas like digital products and services due to perceived risks, with delays occurring in digital initiatives around omnichannel capabilities, wealth management and asset transfers, mobile banking and mobile payment capabilities, self-service and virtualized delivery models.

Related content: