Cybersecurity Spending Strategies In Uncertain Economic Times – Cybersecurity Dive

The need for strong cybersecurity programs doesn’t make them immune to cuts.
With all the uncertainty around the economy — and recession fears — organizations have to make some tough decisions as they plan 2023 budgets. 
IT budgets are expected to take a hit, as Gartner predicts that, while organizations will continue spending on IT, it will be at a much slower pace than in recent years.
If IT spending is slowing, will business leaders follow a similar approach for cybersecurity budgets? The answer is probably not. Gartner predicts that the end-user spending on both security technology and services will see an annual growth rate of 11% over the next four years, and many security professionals agree with that assessment.
That’s the way it should be, according to Bob Stevens, VP of public sector at GitLab.
“If it isn’t already, I foresee security becoming one of the top investment areas for companies and government agencies in the coming year – especially in the form of DevSecOps,” said Stevens. 
In fact, cybersecurity is now one of the top spending considerations for government and private sector leaders, according to GitLab’s 2022 Global DevSecOps Survey.
The study found security is the highest-priority investment area for organizations – even outranking cloud computing. Among government respondents, 60% currently implement security capabilities for cloud native or serverless or plan to in the coming year. 
“With that goal in mind, companies and government agencies will have to increase attention and budget for cybersecurity,” said Stevens.
Cybersecurity spending is extremely durable, said Karl Mattson, CISO for Noname Security. Security is commonly shielded from budget cuts because of how closely it is tied to operational and reputational risk.
“The risk exposure of a cybersecurity incident could be consequentially damaging to an organization’s mission,” said Mattson. That alone could temper the temptation to decrease the cybersecurity budget.
Risk exposure takes on greater urgency in an uncertain economy. If security budgets see a decrease, it can create gaps in protection. 
What appears to be a short-term solution to cost savings could end up costing a company even more in downtime, lost business, and fines as part of the aftermath of a data breach.
The need for strong cybersecurity programs doesn’t make them immune to cuts. If the organization has to tighten its financial belt, leadership will take a hard look at where it can cut costs in security spending.
“If the past is an indicator of the present, then most likely tools and upgrades will take the first pass in sharpening of the pencil,” said Pam Nigro, VP of security and security officer at Medecision, and ISACA Board Chair. 
When most companies developed their cyber program, there was a strong emphasis on tools that could help the security team manage its environment. During economic uncertainty, Nigro said, it is a good time to review those tools and apply a total cost of ownership model by considering the following questions:
“After completing the assessment and review of the TCO, an opportunity for consolidation may arise without losing risk mitigation capabilities and threat intelligence,” said Nigro.
Other places where the budget could be cut without too much damage are vendor and licensing contracts and the delay of new, non-critical projects.
But one potential budget cut that should be off the table and not considered unless it is a dire emergency is laying off skilled security employees. Talent is already hard to find, and retaining skilled workers is a constant challenge. 
“Now is a great time to look at your overall cybersecurity people, process, and technology areas,” said Jon Clay, VP of threat intelligence at Trend Micro. 
It is also an excellent time to identify your most significant risks, should a successful attack occur, and identify how you can improve your security posture in these areas.  
Malicious actors will not stop their attacks — instead, they will continue to evolve and identify new ways of targeting victims.  
“Cybersecurity budgets need to address this in a way that allows the business to continue to operate efficiently and effectively while ensuring their costs are spent on their most critical areas and in a way that can ensure they still have defenses that can minimize the costs of a successful attack,” said Clay.