In the past, cyber security executives have received the financial support required to keep organizations protected from the most menacing of cyber attacks. However, current economic conditions have left leaders at all levels rethinking approaches to investments in cyber security tools and services.


Economic pressure

At present, cyber security executives are under immense pressure to improve efficiencies; and often with fewer resources than in the past. At the same time, cyber security executives must also keep pace with increasingly sophisticated threats in a dynamic landscape.

These days, cyber attacks are a question of “when,” not “if.” But, in relation to precise cyber security needs and spending, there are a lot of question marks.

Investing wisely

This year, CISOs need to present the case for robust cyber security in a compelling fashion. One classic and effective argument is that the negative impact of a business disruption caused by a cyber incident can significantly outweigh the cost of new cyber security tools.

Whether the economic downturn is a temporary blip on the radar or spirals into a prolonged period of austerity, CISOs need to show that they are operating as cautious stewards of financial capital, says Merritt Maxim, vice president and research director at Forrester Research.

CISOs also need to generate goodwill and reduce the perception of security as a cost center. In altering perceptions, CISOs will need to work collaboratively across departments, and to share firm projections of long-term ROI for cyber security spending.

Sustained funding

In this economy, cyber security functions that warrant increased or sustained funding include application programming interface security solutions, bot management solutions, cloud workload security, container security, multi-factor authentication, security analytics and zero-trust network access.

CISOs may also wish to invest in their talent, advancing their abilities to leverage artificial intelligence and automation. Both AI and automation can help organizations reduce costs in the long-term, while increasing productivity and security.

Maximum value

As alluded to previously, in an economic downturn, leaders need to ensure that their spending generates maximum value. Here’s an example to consider: On-premises technology spending remains quite significant, despite the shift to the cloud. CISOs should assess on-premises spending to determine whether or not it aligns with the modernization strategy of the IT department as a whole; ensuring that budget is not misallocated.

Investing in tools

This year, security leaders should invest in tools that protect an organization’s customer-facing and revenue-generating workloads. According to Forrester, there is immense potential in four categories of cyber security tools; software supply chain security, extended detection and response (XDR) and managed detection and response (MDR), attack surface management (ASM), along with breach and attack simulation (BAS), and finally, privacy-preserving technologies (PPTs).

For more insights, see the full story here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.