Everything has multiple perspectives. A point of attraction could become the point of attack.
Example is setting up web site for presence in the cyber world.
The business people wish to have high hit rates of the web site to enhance brand visibility, collect surfer behaviors for analytics, thus pushing the right level of promotion and adjust market strategy. All these are to prove the ROI for web site TCO.
The technical people wish to lock down the web site to avoid being defaced or being planted with malicious codes for persistent threats. All these will inevitably affect certain functionalities or incurred extra cost. Such investment is to prove avoidance cost rather than ROI because people generally expect cyber secure – rather than by investing $X, $Y will be gained.
Bridging the gap will require cyber governance at the top level to set out cyber directives within an organization, resolve issues and have a final say for conflicts arising, approve the annual budget and then the actual usage of the cyber initiative spending.