In the current economic climate, CISOs face mounting pressure to reduce cyber security spending on account of factors such as waning confidence in the economy, persistent inflation, and shifting priorities. Although fiscal prudence can be challenging and may seemingly present unrealistic expectations, with resourcefulness and ingenuity, cyber security professionals can indeed achieve more with less.
As per a recent survey by PwC in India, the Global Digital Trust Insights – India edition, 69% of business executives said that their cybersecurity budget increased in 2022, and 65% plan to spend more on cyber in 2023. This upward trend in budget allocation underscores the critical importance of cybersecurity in resilience planning. This is further supported by Gartner analyst firm, who forecasts that India Security and Risk Management spending will grow some 8% in 2023, with security services spending to total some 40% of total security spending.
However, the recessionary headwinds have also been impacting various CISOs. Ahead of making the tough decisions, and jettisoning security solutions that appear to have limited ROI, explore the following means of conserving cyber security resources while maintaining morale and preparing for a never-before-seen attack landscape.
To create the best possible scenarios and outcomes for your organization, CISOs need to :
- Make the most of existing solutions. Many vendors offer consultation and educational resources to help security professionals fully understand and utilize the capabilities inherent in existing cyber security tools. There may be instances where expanded use of one tool could actually allow you to replace and eliminate another tool.
- Review cyber security labor sourcing. Some organizations leverage third-party groups for specific cyber security work, but – despite the obstacles – it may prove less expensive to bring those specialties in-house. Or conversely, your enterprise may have a handful of tasks that would be more cost effective for an MSP or MSSP to take care of. Consider running differential cost analyses.
- Consolidate cyber security. In some instances, consolidating cyber security not only increases security effectiveness and reduces spend, but it can actually drive revenue. By consolidating cybers security, organizations can increase visibility. With expanded visibility and an increased number of actionable insights to work with, teams can respond to risk quickly and achieve more sustainable business performance over the long term.
- Augment cyber resiliency measures. Despite the maintenance of strong cyber security teams, global enterprises are continuing to experience highly disruptive cyber incidents. Continued investments in backup capabilities and other cyber disaster recovery measures can formidably save on spend in the event of a breach. Should you need to win some budget for this, explain the downside revenue risk of under-investing in this part of a cyber security plan.
- Automate where possible. According to IBM’s Cost of a Data Breach Report, organizations that leverage fully deployed AI and automation save $3.05 million per data breach as compared to organizations that fail to use these tools. In other words, enterprises that pursue AI and automation can save as much as 65.2% on breach expenses.
- Implement a Zero Trust approach. Zero Trust reduces the risk of cyber breaches, as it prevents cyber attackers from exploiting excessive permissions. In some cases, an implementation of a Zero Trust security strategy has been shown to deliver a 92% return on investment with a payback period of less than half of a year. Zero Trust can lower the probability of a data breach by as much as 50%.
- Think prevention-first. Preventing a disaster is more cost effective than responding to a disaster after the fact. The average cost of a data breach is $4.35 million, and enterprises in the healthcare and finance space often incur much higher costs than average. Quantification of prevention-first ROI must be based on how much loss organizations could avoid with a prevention-first approach. When crunching the numbers, you’ll likely see that a prevention-first-oriented security program wins the day.
Organizations can prepare for and succeed in the face of slashed cyber security budgets. Cyber security is all about innovation. To that effect, budgetary limitations simply represent an opportunity to approach security in innovative, new ways in order to achieve stronger outcomes. In this challenging time, leverage the insights above in order to proactively enhance your cyber security posture.
Authored By- Sundar Balasubramanian, Managing Director at Check Point Software Technologies, India & SAARC