How business acumen boosts application security

August 16 2023

To outpace the competition in an era where high-performing, secure digital experiences are expected, business acumen can inform AppSec priorities.

Now more than ever, business leaders are racing to build, modernize and deploy business-critical apps on-premises and within distributed, cloud native environments. In fact, IDC predicts 750 million cloud native applications will be created by 2025, making it imperative for organizations to recognize security as the business risk it is — and prioritize it as such. But to accomplish that, security professionals must first develop a level of understanding across all parts of the business and the KPIs their organization is built upon.

What it takes to outpace cybercriminals

In recent Cisco AppDynamics research, 78% of IT professionals agree that their organization is vulnerable to a multistaged attack affecting the full application stack over the next 12 months. There’s also common agreement among security professionals that it’s not if an attack will occur (that’s a given); it’s when and where it happens that will make or break a company.

The impact and ramifications of a breach can vary depending on where it occurs, so without a deep understanding of both security and what is business-critical to the company, it’s nearly impossible to protect what matters most. Furthermore, only 15% of companies believe they’re mature enough to be resilient against today’s cyber threats. This indicates that the uptake of strategies to outpace cybercriminals is lagging across all sectors, which leaves plenty of room for orgs to leverage application security as a competitive differentiator.

Protect what matters: Why business acumen is critical

Historically, IT and security professionals have been insulated from the need to understand inner workings of all aspects within an org. Now, as IT complexity mounts, CIOs and CISOs are leveraging business acumen to educate C-Suites and gain budget, tools and talent that focus security on key aspects of the business. But the effort can’t stop at the executive level. To align application security priorities with business priorities, business acumen must be extended to IT and security teams. This includes foundational awareness of company KPIs, roadmaps, business operations and financials. From that level of understanding, app, dev, sec and ops teams have an optimal position to bake in security early and retain the level of diligence needed to protect what matters most — across the application delivery chain.

Silos and manual processes are out — automation and collaboration are in

Agility is key in thwarting attacks within complex environments. But the volume of vulnerabilities, at any given time, is exceedingly difficult to track, and it’s a huge obstacle for technologists to overcome at the velocity developers are working today. In addition, the security talent shortage contributes to the uptick in cybercrime as cybercriminals build and invest in AI/ML for malicious intent. Without shared tools, business acumen and observability across the tech stack that can hold the line, organizations are forced to react in defense. To gain an offensive position, technologists must have an eye on security across the application delivery chain, especially where micro and macro decisions are made daily. To accomplish this, individuals and teams must share an understanding of the overall business so that forward-looking business-critical security can be a shared priority.

Business acumen and risk observability work together

Business Risk Observability pairs with application performance monitoring to alert on issues and deliver real-time understanding of the source and impact of vulnerabilities and threats across business-critical transactions. It pulls in threat and vulnerability intelligence information from the Cisco security product portfolio to provide risk scoring that combines application context, business impact and the latest security intelligence. In doing so, it helps teams collaborate on and prioritize mitigation strategies while aligning protection with user trust across the application stack.

Learn how Cisco Secure Application and Business Risk Observability can help your team bring a business-first approach to application security and schedule a demo to see it firsthand!


Audrey Nahrvar is a product marketing manager with a background in application security and ethical hacking. Audrey held positions at Autodesk and Shutterfly before joining AppDynamics in 2017 as a security engineer first and then promoted to security architect. In her off hours, Audrey enjoys spending time with her husky, in the mountains.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form