Cybersecurity Investment Plans in Periods of Economic Instability
In an economy where uncertainty looms, the importance of cybersecurity has never been more crucial. According to Karl Mattson, CISO for Noname Security, cybersecurity spending is extremely durable due to its close tie to operational and reputational risk.
Mattson's sentiments are echoed by Jon Clay, VP of threat intelligence at Trend Micro, who advises looking at overall cybersecurity people, process, and technology areas. Malicious actors, he warns, will continue to evolve and find new ways of targeting victims, requiring cybersecurity budgets to address this.
Bob Stevens, VP of public sector at GitLab, predicts that security will become one of the top investment areas for companies and government agencies in the coming year, especially in the form of DevSecOps. This shift towards secure development practices is a proactive measure to mitigate risks and strengthen defences.
In this context, it's essential to ensure that cybersecurity budgets are spent wisely. Pam Nigro, VP of security and security officer at Medecision, suggests using a total cost of ownership model to assess tools. Questions to consider when reviewing tools' total cost of ownership include initial cost, cost to implement, operating cost, maintenance costs, and effectiveness in mitigating risk.
However, in times of budget constraints, finding areas for cost-cutting becomes necessary. Vendor and licensing contracts, as well as delaying new, non-critical projects, could be potential areas for budget cuts without causing significant damage. But it's important to remember that decreasing the cybersecurity budget can create gaps in protection, potentially leading to increased costs in the form of downtime, lost business, and fines in the aftermath of a data breach.
Laying off skilled security employees should be avoided unless it's a dire emergency, as talent is hard to find and retaining skilled workers is a constant challenge. Future economic leaders should identify cybersecurity risks such as increasing sophistication of cyberattacks, insider threats, and system vulnerabilities to allocate their security budgets effectively by prioritizing critical areas and minimizing the costs of successful attacks.
Among government respondents, 60% currently implement security capabilities for cloud native or serverless, or plan to in the coming year. The need for strong cybersecurity programs may lead to a review of costs, with tools and upgrades being potential areas for cost-cutting. Consolidation of tools may be possible without losing risk mitigation capabilities and threat intelligence, according to Nigro.
Gartner predicts that IT spending will grow at a slower pace in 2023 compared to recent years. However, end-user spending on cybersecurity technology and services will see an annual growth rate of 11% over the next four years. This growth underscores the importance of investing in cybersecurity, even in challenging economic times.
In conclusion, prioritizing cybersecurity budgets is crucial in today's digital age. By focusing on critical areas, assessing tools' total cost of ownership, and finding areas for cost-cutting without compromising security, organizations can ensure their business can operate efficiently and effectively while minimizing the costs of a successful attack.
