IBM Institute for Business Value Research InsightsCapturing thecybersecuritydividendHow security platformsgenerate business value运动运营动运动运动运营动运营动运动运营动运营动How IBM and Palo AltoNetworks can helpIBM Consulting and Palo Alto Networks have joined forcesto deliver AI-powered,fully integrated,open,end-to-end securitysolutions to enterprises.From consultation through execution,运动we can help you modernize your cybersecurity program,saving time,money,and resources as well as enhancing your organization'sresilience againsttoday's complexthreats.For more information,visit ibm.com/consulting/palo-alto.ForewordOrganizations around the globe are facing a pivotal momentin security-one that requires urgent action.Digital connectivity expands attack surfaces and creates new vulnerabilities.Cyberattacksare becomingmore sophisticated and harder to defend against.And AI is beingused by bothdefenders and attackers,creating a race in cybersecurity capabilities.Cybersecurity tools and solutions abound,most promising some sort of sea change.In realitythough,many deliveronly arippleor,at best,a passing wave.Why?Complexity is getting in theway of results.The cybersecurity landscape has always been a complex web of threats and countermeasures.But the proliferation of threats and the mind-boggling number of potential responses todayis enough to rob a Chief Information Security Officer or Chief Technology Officer of somemuch-needed sleep.Organizations jugglean average of 83 different security solutions from29vendors.It's unnecessary convolution and risk.More tools equal more threats;everyintegration is a potential point of entry for bad actors.In today's world,effective security requires platformization.Platformized organizationstake 72 days less,on average,to detect a security incident and 84days less to contain one.Consolidatingmultipletools into a unified platform not only bolsters security posture,it alsoreduces costs and improves operational efficiency-two things any C-suite executive orbusiness leader will welcome.And when it comes toAI,a platform approach best enablesan organization to ingest and analyzedata,and then deliver actionable insights.Ourroles give us an opportunity to engage with organizations from every industry andgeography,providingus a view from the security mountaintop-and we seethat waitingis ariskygame.This isn't just about future-proofing,it's about safeguardingthe present.Imagine security tools that harmonize seamlessly,sharing intelligence and automatingresponses at an unprecedented speed.This vision is alreadya reality for many organizationsthat have platformized their security since Palo Alto Networks introduced the conceptone year agoand efficiency-all leadingto tangible business benefits.A robust,integrated security platformcan be the shield that protects yourorganization's reputation,customer trust,and bottom line.In today's AI-fueled world,strong partnerships are more essential than ever.Thestrategicpartnership between IBM and Palo Alto Networks brings together leading security platform,AI,and transformation capabilities.Collaboratingon thisreport,we haveidentified what it takestosuccessfully pivot to security plat formization and what it can deliver for yourorganization.Together,weare unique in our ability to help you embrace this opportunity and be the bestpartners for youMohamad AliBJ JenkinsSenior Vice President and HeadPresidentIBM ConsultingPalo Alto NetworksKeytakeaways52%of executives say■Security fragmentation is nowcomplexity is the biggestthe unhappy norm.impediment to theirThe average organization has 83 different securitycybersecurity operations.solutions from 29 vendors.A majority,52%,of executives say complexity is the biggestimpediment to security operations.■Security platforms bring fasterresponse times and higher ROI.Platformized organizations take 72days less,onaverage,to detect a security incident,and 84 daysless to contain one.They also reapan average ROIof 101%,compared to 28%for those that are not yetembracing platformization.■Platformization moves the securityfunction from“necessary cost'”to value generator.96%of executives in our survey who have adoptedplatformization say security is a source of value,compared to just 8%of those who haven't.The average cost of securitycomplexityis more than5%of annual revenue.Cybersecurity shouldboost the bottom lineAs the digital landscape continues to change,organizationsface a daunting reality:cybersecurity complexity is eatingaway at their bottom line.In fact,cybersecurity is more expensive than ever.The averagecostof a data breach rose 10%in 2024,to an all-time high of $4.88million.1 And when a growing threat landscape is addressed withmore security solutions,an organization's overallsecurity costs risesignificantly,with cybersecurity spending expected to grow morethan 50%from 2023 to 2025.Meanwhile,80%ofexecutives agreethey face pressure to reduce the cost of security.The illusion of "more solutions,more security"Many organizations have continued to add to their stable of securitysolutions,hoping to plug holes as they become apparent and asthreats increase.But our research shows this approach is not a pathto success-instead,it adds complexity and inefficiency.There'sa limit to how far you can get by adding more security solutions.That strategy graduallydilutes the benefits of each new solution andultimately reduces security effectiveness(see Figure 1).So what is the solution?Where is there opportunity,what modelsexist,and what lessons can they teach?To explore these questions,the IBM Institute for Business Value(IBV)partnered with Palo AltoNetworks to survey 1,000 executives involved in security across21 industries and 18countries.The results provided some clearopportunities and actionable lessons.Tellingly,52%of executives say complexity is the biggest impedimentto their cybersecurity operations.When asked to estimate the totalimpact of security complexity to their business,responses fromC-suite executives on the security front line were startling.Based on“Cybersecurity istheir responses,the average cost of security complexity is more thana permanent race."25%of annual revenue.For a company with $20 billion in annualHauke Starsrevenue,that's a $1-billion annual cost to the business resulting fromMember of the board,IT Datasecurity incidents,inefficiencies,failed digital transformation efforts,Volkswagen AGstalled AI initiatives,loss of customer trust,and reputational damage.FIGURE 1Platforms bring fewer point solutions,more effective security overallSecurityeffectiveness100%个WithRisk gapplatformizationRisks remain due tospend,capacity,andcomplexity constraints0Withoutplatformization50%50100Number of security solutionsThe security business challenge facing many leaders:Security complexityAs the number of securityThis results in a dynamicdirectly impacts businesssolutions proliferates,morewhere complexity feeds itselffactors like ROI.spend is required to achieveand leaders can never spendfewer outcomes."enough"on cybersecurity.An antidote to the costs of security complexityBy addressing complexity-strategically consolidating and integrating securitysolutions onto a common platform-organizations can dramatically lower their riskposture,reduce their costs,and unlock improved business opportunities.We call thissecurity platformization-and our research shows a distinct connection betweenplatformization and positive business and security outcomes(see Figure 2).FIGURE 2Platform users gainpractical benefitsat all levels0Digital280%transformationmore likely to haveaddressed digitaltransformation limitationsfrom fragmentationIT/IS IntegrationNearly3Xmore likely to have addressedIT/IS integration limitationsfrom fragmentationSecurity strategyoperations275%more likely to haveaddressed securitytransformationfragmentation0SOC operatorsAlmost3Xmore likely to use AI andautomation to relieve pressureon security analysts70%less likely to reportworkload increasesfrom fragmentationThere's a better way to approach securityThis report outlines how a shiftin strategic approach to securityplatformization can generate benefits,plus delves into the significantimpacts platformization can have on AIinitiatives.In addition,we'lloffer a guide to realize these improvements.Current securityapproaches are nota path to success80%of executives agree they facepressure to reduce the cost ofsecurity even as new threats emerge.74%of executives agree thatthe current workload on theirsecurity operators is excessive.52%of executives agree thatfragmentation of their securitysolutions is limiting their abilityto deal with threats.PerspectiveHow we analyzed the impactof security platformsTo assess the role of security platformization in overall security and business performance,we analyzed the 1,000 organizations in our survey set.We developed an index of securityplatformization based on four key criteria:Simplification.How great a role does consolidation play in security strategy?-Portfolio rationalization.How consolidated are security tools and technologies?Proactive housekeeping.How well and regularly are outdated security solutionsidentified and removed?Platforming progress.To what extent are security platforms adopted?For each criterion,executives answered a scaled question assessing their progress.The platformization index was created as a simple average of their scores on eachof the four.Throughout this report,we illustrate the relationship between platformization indexscoresand performance via scatter diagrams or by segmenting the 1,000 executives into quartilesbased on their index scores.The top quartile refers to the organizations with the highestplatformization index scores,while the bottom quartile consists of the organizations withthe lowest platformization indexscores.But it's not where organizations sit on the index thatis the nugget of gold in this research-rather,it's the relationship between platformizationand various positive outcomes.Key takeawaysOuranalysis reveals a strong correlation between the platformizationfrom the analysisindex and key security performance metrics.Organizations with higherplatformization scores demonstrate:Faster incident response.Platformized organizations take 72 days less,on average,to detect asecurity incident,and 84 days less to contain one.Improved ROI.An average ROI of 101%compared to 28%for thosethatare not yet embracing platformization.Platformization explains 48%of the variation in ROIEnhanced return on security investment(ROSI).An average ROSIof 116%compared to 32%for those that are notyetembracingplatformization.Platformization explains 49%of the variation in ROSI.In short,the data indicates security platformization helps drive improvedperformance and optimizes the value of security investments.Platformizedorganizations take72days less,on average,to detecta securityincident,and84days less to contain one.'When we did all the math.we actually knocked our cost down by severalhundred thousand dollars per year.If you looked at all the components thatwere included,we were able to say it's not only do we get more,but we pay less."Jerry CochranDeputy Chief Information Officer;Divis ion Director,Cybersecurity DigitalOpsPacific Northwest National Laboratory (US)"One of the main benefits of the security platform is that our providerhas a roadmap.We can align our strategy to capitalize on that.We gain efficiencies because our security partner is showing us howthe solution will evolve.They are making the investments necessaryto develop the platform and integrate the different capabilities."Javier Torres AlonsoDigital transformationDigital transformation and platforms:A business performance boostRethinking riskThink about a large construction project with multiple contractors,each usingtheir own tools,materials,and blueprints.While each contractor might be skilled,coordinating their efforts without a unified plan and shared resources can leadto delays,inefficiencies,and potential safety hazards.The currentstate of cybersecurity is similar.Organizationshave accumulated security products and services over time ona tool-by-tool basis.Each has its own dashboards,data models,training needs,and more.Our research shows that enterprises jugglean average of 83 different security solutions from 29 vendors,creating atangled,expansive mess that frustrates securityprofessionals and hinders overall effectiveness.Security platformization is the equivalent of unifying the constructionunder a single generalcontractor,with standardized equipment andprocedures.Platformization eliminates unnecessary repetition ofwork,simplifies operations,and empowers security teams to focuson strategicinitiatives.The benefits are compelling.Organizations in our study that haveOur research showsmade strides toward platformization report substantially fewerthat enterprises juggleincidents and data breaches.Their mean time to identify (MTTI)oran average ofdetect security incidents is 72 days shorter,while mean time tocontain(MTTC)-the time it takes to resolve an incident-is 84 daysdifferent securityless.Also,80%of platformization adopters in our research say theysolutions fromhave full visibility into potential vulnerabilities and threats,versusonly 28%of non-adopters.(vendors.FIGURE 3Organizations with the greatestsecurity platform maturity arefaster to identify and containsecurity incidentsMean time to2502008150●:100500●-2.00-1001002.00Mean timecontain (MTTC)250200150100●2001000.0010020010FIGURE 4Platformized organizations see greater business%of respondentsindicating their cybersecurityof respondents indicating their cybersecurityinvestments have generated significantinvestments have generated significantimprovements in revenue generationimprovements in operational efficienciesBottomSecondThirdTopBottomSecondThirdTopquartilequartilequartilequartilequartilequartilequartilequartile73%68%27%19%2%6%1%2%Revenue generation and efficiency7out of 10Security platformization can further businessorganizations with a high degree ofgoals.In fact,in our research,seven out of 10platformization report that cybersecurityorganizations with a high degree of platformizationinvestments have helped revenue generationreport that cybersecurity investments have helpedand operational efficiencies.revenue generation and operational efficiencies.Only 2%of executives from organizations that haveyet to move toward platformization say the same.0n1y2%of non-platformizedorganizationsThis advantage comes in part from enhanced agility.report the same.Many digital transformation efforts can be derailedby security concerns.Yet among platform users,only 10%of digital transformation initiatives fail toscale due to security concerns,compared to 26%Action guidefor non-platform users.Rationalize your security toolset.EstablishWhat's more,platformization aids innovationa working group with your security,technology,initiatives.Too often.in the normal course ofand business leaders to evaluate the impactbusiness,cybersecurity is relegated to the roleof security complexity on key performanceof gatekeeper-a last line of defense that slowsmetrics.Conduct a comprehensive securitydown responsiveness and deters experimentation.toolset assessment,including a cost-benefitIn contrast,organizations in our study that useanalysis of each tool.Identify redundancy,integrated security platforms have greatergaps,and opportunities for consolidationvisibility,control,and access to automation.or replacement.That helps transform security from a cost centerto a value driver.Pivot to a platform-first approach.Engage theright partner to build a business case forIn fact,96%of executives in our survey who havesecurity platformization.Prepare a board-leveladopted platformization say securityis a source ofbriefing on operational benefits and costvalue,compared to just 8%of those who haven't.savings to gain C-suite buy-in.Create a roadmapfor scaling your security platform.11PerspectiveWhat defines a goodsecurity platform?Security platforms combine numerous solutions into a tightly integratedarchitecture that makes the whole(the platform)better than the sum of theparts(the corresponding"best-of-breed"point solutions).The idea of securityplatformization follows a consolidation logic many organizations have appliedto other parts of their business,such as enterprise resource planning(ERP)or customer relationship management(CRM).Rather than managing security capabilities independently of each other,you canmove security capabilities onto a common platform to ensure greater visibilityand better governance across the operations lifecycle.Rather than forcingpiecemeal parts together to manage your security posture,you let the platformcarry the burden.Identity and access management capabilities are informed byzero trust,network segmentation,and endpointdetection and response(EDR)capabilities.The AI-generated insights from your security information and eventmanagement(SIEM)solution are available to SOC incident responders.By reducing the number of application integrations,you decrease potentialvulnerabilities from misconfigurations and data mismatches.By reducing thenumber of handoffs,you improve response times and increase accountability.As you consider platforms,here a few characteristics they should have:The consolidated platform is as secure or better than the corresponding pointproducts you're currently using.Adopting a platform should never meansacrificing security efficacy for simplified management or vendor consolidation.The platform is modular.It has to be,to allow your organization to grow intothe platform over time.You must be able to adopt the platform in wholeor in parts,without losing its ability to address the use cases being considered.It streamlines integrations.Integrations should make each component strongerthan it is on its own.All too often,platforms are developed by building a single userinterface(UI),but with each product operating entirely independently beneaththat UI.While this approach might improve visibility,it fails to capitalizeon the more meaningfulbenefits from architectureal integration and operationalstandardization.True consolidation involves rethinking technology solutions butalso people and support processes.Everything from policy management toreporting must be consolidated and tightly integrated.12"Our security team has to manage multiple environments-hybrid cloudand on premises.And with the platform,for the first time,it feelslike we're securing them at the same time and can see real-timewhat's happening in both.We've enhanced overall securityin an integrated way."Syed FaheemInformation Technology Infrastructure Operations Managermuvi Cinemas(KSA)IT/IS inte grationBuilding a bridge between informationtechnology and information securityTraditionally,information technology (IT)and information security (IS)have operated in separate silos with different priorities and responsibilities.The move to platformization makes security operations an integral partof the broader IT estate-as much a contributor as a consumer.Our research shows that 80%of organizations without a unified platform strugglewith fragmentation.The lack of cohesiveness for companies that have not adoptedplatformization can make them vulnerable to potential threats simply because theylack visibility and awareness.Deliberate,integrated design matters more than everWhile threat actors are deploying AI and automation capabilities,cyber defenders continueto struggle with skill,capacity,and coordination issues.New tactics like multiple extortioncampaigns mean data breaches and ransomware are simply steps in far more sophisticated,coordinated attacks.Within the next two years,90%of executives expect to be scaling,optimizing,or innovating withAI.3 A security platform affords the common governance needed to deliver the AI capabilitiesshaping the future.As hybrid cloud services become commonplace,and AIoperations become the norm,integration runtime capabilities across IT and IS solutions are essential.Three out of four(75%)organizations that have embraced security platformization agree that better integration acrosssecurity,hybrid cloud,AI,and other technology platforms is crucial.This doesn't just meanintegrating the technologies themselves;it involves increased collaboration and rethinkingoperational governance for a hybrid-cloud-and-AI fueled world.It means spending less timethinking of how to connect solution architecture with operations and more time thin king aboutimproving speed to insight and outcome efficiency.13