How to Prioritise Cyber Spend in a Recession

As we look ahead to 2023, there’s both good news and bad news for cybersecurity professionals.

While cybersecurity remains the preserve of the CIO/CISO, the good news is that there has been a major improvement in attitudes towards cybersecurity among the rest of the C-suite.

According to Gartner’s 2022 Board of Directors Survey, business leaders have begun to recognise that an attack can have a significant impact on an organisation. So much so, that the percentage of boards that consider cybersecurity a business risk has risen from 58% to 88% in the past five years.

With that said, the bad news is that it could be tricky to harness that sentiment and boost security spend in any meaningful way given the current economic climate. Businesses are faced with budget-eroding inflation and rising licensing costs (driven by spiralling data volumes) and are looking to get a better grip of their finances.

This is less than ideal. It’s perhaps the worst possible time for security spending to be capped or curbed, IBM reporting in its Cost of a data breach 2022 report that the average cost of a data breach last year was $4.35 million – a figure large enough to derail even the most money-savvy SMEs.

Interestingly, the very same report also reveals that those organisations with fully deployed security AI and automation solutions save a whopping $3.05 million per data breach compared to those without – a 65.2% difference.

The need for investment is clear, yet in a budget-restricted climate, CIOs and CISOs are unfortunately left with a clear headache: where should they focus spend, and how can they maximise investment to enhance security in the most cost-effective way?

As automation has become a more attainable, realistic and relevant tool in the defensive arsenals of security teams, the ability of teams to assess the effectiveness of automation and prove the value of such investments is rising to the fore.

Resultantly, we expect meta-analysis to continue growing as a trend through 2023.

A technique involving the statistical analysis of the data from incidents to determine conclusive and accurate results, meta-analysis can be used by CISOs to measure and compare the effectiveness of their security controls against other organisations, essentially benchmarking solutions and their performance.

We’re already seeing an indication of where such comparisons are beginning to drive market attention. According to Forrester, the top priorities for cybersecurity in 2023 include the replacement of legacy SIEMs with systems that are better equipped to analyse security behaviour in a more seamless manner.

Here, we anticipate organisations will focus on implementing converged security operations setups, combining the SIEM with solutions such as SOAR and UEBA to enjoy automated detection and response, improve behaviour modelling, and better protect siloed business critical applications such as SAP.

This approach offers several merits. With a converged security solutions setup, firms stand to eliminate the typical complexities associated with managing siloed security products, while also reducing the burdens facing overstretched security teams.

Further, with a single, transparent platform, Security Operations Centre (SOC) professionals can more easily identify high-value alerts and use data to optimise the efficacy of the broader security infrastructure​. In this sense, converged setups may also improve security performance, helping to accelerate threat detection, investigation, and response efforts.

At the same time, the issues associated with spiralling data volumes can also be handled.

To be clear, limiting the amount of data coming into the system simply almost never makes sense in a security context. Therefore, solutions should never be restricted by the licensing – it would leave customers worrying about restricting what they ingest and from where, and potentially impede overall security objectives.

However, what a converged setup can do is boost cost transparency, helping to control and limiting spend on tools by offering transparent insights into exactly how often each solution is used. This determines relevancy, importance, and total cost of ownership, ensuring firms are only ever spending on those value-adding services.

In this sense, prioritising the combination of complementary security tools into a single, suitable platform can paint a much fuller picture in terms both security effectiveness and expenditure. For companies looking to maximise investment and enhance security in the most cost-effective way, it is a no brainer.