EXECUTIVE SUMMARY:
In the past, cyber security executives have received the financial support needed to keep organizations protected against sophisticated attacks. However, current economic conditions have left leaders at all levels rethinking approaches to investments in cyber security tools and services.
Economic pressure
As is the case for organizational spending across many departments, cyber security is not immune to economic pressure and forecast uncertainty, notes Daniel Soo, an analyst for Deloitte.
At present, cyber security executives are under immense pressure to improve efficiencies; and often with fewer resources in the past. At the same time, cyber security execs must also keep pace with increasingly sophisticated threats in a dynamic landscape.
Investing wisely
This year, CISOs may need to elevate their arguments for cyber security spending. One classic and effective contention is that the negative impact of a business disruption caused by a cyber incident can outweigh the cost of cyber security tools.
Regardless of whether the economic downturn is a temporary blip on the radar or spirals into a prolonged period of austerity, CISOs need to show that they are operating as cautious stewards of financial capital, says Merritt Maxim, vice president and research director at Forrester Research.
CISOs also need to generate goodwill and crush the perception of security as a cost center. In so doing, CISOs may want to start by determining how to simplify and streamline security; eliminating cyber security complexity.
Sustained funding
In this economy, cyber security functions that warrant increased or sustained funding include application programming interface security solutions, bot management solutions, cloud workload security, container security, multi-factor authentication, security analytics and zero-trust network access.
CISOs may also wish to invest in their talent, advancing their abilities to leverage artificial intelligence and automation. Both AI and automation can help organizations reduce costs in the long-term, while increasing productivity and security.
Maximum value
In an economic downturn, leaders need to ensure that their spending generates maximum value. Case-in-point: On-premises technology spending remains quite significant, despite the shift to the cloud. Does this represent a mis-allocation of security budgets? CISOs need to closely observe on-premises spending to determine whether or not it aligns with the modernization strategy of the IT department as a whole.
Investing in tools
Security leaders are encouraged to invest in tools that protect an organization’s customer-facing and revenue-generating workloads.
According to Forrester, there is promising potential in four categories of cyber security tools; software supply chain security, extended detection and response (XDR) and managed detection and response (MDR), attack surface management (ASM), along with breach and attack simulation (BAS), and finally, privacy-preserving technologies (PPTs).
In addition to investing in the right cyber security tools, CISOs of course have to invest in their people. While it’s tempting to cut spending on human capital when the economy stagnates, experts say that cutting jobs won’t save much as compared with cutting other expenditures.
For more insights, see the full story here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.
The post Executives make the case for continued tech investments appeared first on CyberTalk.