#PMP #PPM #project #Agile #cybersecurity #cryptocurrency #ai #SAFe #zerotrust #virtual #mindmap #remote #scaledagile #machinelearning
  • Welcome
  • Contact
  • Resume
  • Expertise
  • Blog
  • Books / White Papers
  • Software / Service Reviews
  • Mentoring Contact Form
  • This Week in PM
  • PM Video Series
  • Awards/Recognition
  • Templates & Downloads
  • Clients
  • Professional Services
  • Past Survey Results

Are businesses investing enough in cybersecurity?

2/16/2021

0 Comments

 
Picture
The issue isn't how large of a cybersecurity investment an organization makes, but rather, if it is spending funds properly.

The cost of cybercrime jumped to over $1 trillion in 2020, according to McAfee. That number combines monetary losses (over $900 billion) with the cost of providing cybersecurity (about $145 billion). 

To balance the discrepancies between losses and expenditures, cybersecurity spending is expected to jump 10% in 2021. Organizations of all sizes are increasing their security budgets; however, the way they approach spending changed. 

"Companies are concerned about cybersecurity breaches, and while fear is still a driving factor, compliance and risk management are taking center stage," said Jenai Marinkovic, vCTO/CISO at Tiro Security and member of ISACA Emerging Trends Working Group.

Because of the pandemic, organizations have to rethink their cybersecurity investment priorities. With the need for cloud services, there is a greater push for cloud security solutions. 

The increase in supply chain attacks such as the SolarWinds breach has increased the focus on third-party supplier risk assessments. Data privacy trends shifted focus to investment in AI/ML solutions centered on data protections. 

Even as cybersecurity trends and attack vectors have changed, many organizations continue to rely on — and invest in — the same tools and systems they've used for years. While companies may look to increase their cybersecurity budgets, they are actually underinvesting in the solutions needed to meet today's threat landscape.  

Attacks will happen no matter how much you spend

Cybersecurity, like IT, is a cost center for companies. It makes sense companies would want to attempt to limit their security efforts to what is necessary.

"For larger organizations especially, it's completely possible to spend every dime a company makes and more on cybersecurity, with diminishing returns, so it's definitely a balancing act," said Mike Wilson, founder and CTO of Enzoic.

However, actual spending more often than not goes toward the bare minimum of what the organization needs to do to stay compliant with industry and government regulations, especially in smaller businesses or those that don't have a dedicated security team.

The compliance-centric security comes despite the constant evolution of attacks. But, even with the best cybersecurity technology and training in place, the most successful attacks take advantage of the human factor and the mistakes people make. That's hard to mitigate, no matter how much you spend.  

"While I do think many companies underinvest and more attacks could be thwarted, this is not a problem that is going to go away any more than any other type of crime goes away with better prevention and enforcement," said Wilson.

Spending and cybersecurity posture

The issue isn't how large of an investment in cybersecurity an organization makes, but rather, if it is spending that money properly.

"One of the most overlooked cybersecurity costs is on defending against threats that do not exist anymore," said Ameesh Divatia, co-founder and CEO of cloud data protection company Baffle. 

For example, protecting against physical theft of storage was prevalent in the early days of centralized data centers. Due to outdated compliance mandates, that budget allocation still persists, even though it does not impact an organization's security posture.

It is hard to directly correlate cybersecurity spend with a company's security posture.  Cybersecurity projects tend to be long-term commitments and it takes time for the value to show up in analysis. 

"However, there are certain areas, cybersecurity premiums, for example, that are directly impacted when an organization adopts a new control, such as data-centric protection," said Divatia. 

As privacy awareness becomes ubiquitous, another measure of return on cybersecurity investment is how well an organization's brand is impacted by its public data privacy statement that informs consumers of data retention policies and access to customer data.

How security spending has changed
​
"Over the last five years, we have seen several trends leading to increased security spend," said Marinkovic. 

The migration to the cloud drove a transition from capital spending associated with physical systems to expense-based spending. An increase in ransomware and attacker's success in exploiting successful monetization models (such as ransom-based distributed denial of service attacks) has driven insurers to focus on endpoint security, cloud storage security and business continuity. 

Understaffing has driven organizations toward engaging consultants or outsourcing entire capabilities, as 66% of respondents say it's difficult to retain cybersecurity talent (an increase from last year), according to the ISACA State of Cybersecurity 2020 study. 

These are just a few of the factors driving an increase in overall spending. However, ISACA's report indicated that the rise in cybersecurity budgets remains less than the 64% reported two years ago. Just 58% of respondents anticipated an increase in cybersecurity budgets, an increase of three percentage points from the previous year. 
​

"This increase suggests spending may be leveling out given the five-year trend," said Marinkovic. 

0 Comments



Leave a Reply.

    Author:

    Picture

    Brad Egeland


    Named the "#1 Provider of Project Management Content in the World," Brad Egeland has over 25 years of professional IT experience as a developer, manager, project manager, consultant and author.  He has written more than 8,000 expert online articles, eBooks, white papers and video articles for clients worldwide.  If you want Brad to write for your site, contact him. Want your content on this blog and promoted? Contact him. Looking for advice/menoring? Contact him.

    Picture
    Picture
    Picture
    Picture
    Picture

    RSS Feed

    Archives

    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    October 2012
    September 2012
    August 2012
    July 2012
    June 2012
    May 2012
    April 2012
    March 2012
    February 2012
    January 2012
    December 2011
    November 2011
    October 2011
    September 2011
    August 2011
    July 2011
    June 2011
    May 2011
    March 2011
    January 2011
    December 2010
    November 2010
    October 2010
    September 2010
    August 2010
    June 2010
    May 2010
    April 2010
    March 2010
    November 2009

    RSS Feed

Powered by Create your own unique website with customizable templates.