By Shira Landau, Editor-in-Chief, CyberTalk.org.
EXECUTIVE SUMMARY:
In the current economic climate, CISOs face mounting pressure to reduce cyber security spending on account of factors like waning confidence in the economy, persistent inflation, and shifting business priorities. Although fiscal prudence can be challenging and may seemingly present unrealistic expectations, with resourcefulness and ingenuity, cyber security professionals can indeed achieve more with less.
Ahead of making the tough decisions, and jettisoning security solutions that appear to have limited ROI, explore the following means of conserving cyber security resources while maintaining morale and preparing for a never-before-seen attack landscape. Create the best possible scenarios and outcomes for your organization.
Here’s how to get started
1. Make the most of existing solutions. Many vendors offer consultative and educational resources to help security professionals fully understand and utilize the capabilities inherent in existing cyber security tools. There may be instances where expanded use of one tool could actually allow you to replace or eliminate another tool.
2. Review cyber security labor sourcing. Some organizations leverage third-party groups for specific cyber security work, but – despite the obstacles – it may prove less expensive to bring those specialties in-house. Or conversely, your enterprise may have a handful of tasks that would be more cost effective for an MSP or MSSP to take care of. Consider running differential cost analyses.
3. Consolidate cyber security. In some instances, consolidating cyber security not only increases security effectiveness and reduces spend, but it can actually drive revenue.
By consolidating cyber security, organizations can increase visibility. With expanded visibility and a higher number of actionable insights to work with, teams can respond to risk quickly and achieve more sustainable business performance over the long term.
4. Augment cyber resiliency measures. Despite the maintenance of strong cyber security teams, global enterprises are continuing to see disruptive cyber incidents. Continued investments in backup capabilities and other cyber disaster recovery measures can help you save on spend in the event of a breach. Should you need to win some budget for this, explain the downside revenue risk of under-investing in this part of a cyber security plan.
5. Automate where possible. According to IBM’s Cost of a Data Breach Report, organizations that leverage fully deployed AI and automation save $3.05 million per data breach as compared to organizations that fail to use these tools. In other words, enterprises that pursue AI and automation can save as much as 65.2% on breach expenses.
6. Implement a Zero Trust approach. Zero Trust reduces the risk of cyber breaches, as it prevents cyber attackers from exploiting excessive permissions. In some cases, a implementation of a Zero Trust security strategy has been shown to deliver a 92% return on investment with a payback period of less than half of a year. Zero Trust can lower the probability of a data breach by as much as 50%.
7. Think prevention-first. Preventing a disaster is more cost effective than responding to a disaster after the fact. The average cost of a data breach is $4.35 million, and enterprises in the healthcare and finance space often incur much higher costs than average. Quantification of prevention-first ROI must be based on how much loss organizations could avoid with a prevention-first approach. When crunching the numbers, you’ll likely see that a prevention-first focused security program wins the day.
In conclusion
Organizations can prepare for and succeed in the face of slashed cyber security budgets. Cyber security is all about innovation. To that effect, budgetary limitations simply represent an opportunity to approach security in innovative, new ways in order to achieve stronger outcomes. In this challenging time, leverage the insights above in order to proactively enhance your cyber security posture.
For more insights into achieving more with less, please see CyberTalk.org’s past coverage. Lastly, to receive more timely cyber security news, insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.
