Speakers
Michael Shepherd
Synopsis
Security leaders are facing new challenges.
The cyber risk landscape is seeing a rapid expansion of sensitive data moving across interconnected networks and through millions of devices. Factors such as digital transformation, mergers and acquisitions, evolving regulatory compliance requirements, and market dynamics are creating new challenges for security leaders, including how to reduce costs without increasing risks, and how to optimise the performance of existing cybersecurity investments.
What we hear in the industry from business leaders:
- How do we reduce costs without taking an uncomfortable level of risk?
- How do we build an operating model that creates more linear reporting structures, while driving performance at a lower cost?
- How do we standardise controls to eliminate the inefficiencies in control testing?
- How do we leverage Artificial Intelligence to automate the manual processes to drive significant efficiencies in our organisation?
- How do we assess our security tools and projects & initiatives that are truly meaningful to the business?
- How do we optimise the performance of existing cybersecurity investments?
This raises an interesting question:
Are you spending too much on cybersecurity?
There is an equally interesting answer: adopt a cost optimisation methodology that reallocates security budgets so that cyber investments are aligned with strategic business priorities. It should include encouraging leaders in all departments to consider cyber security investments with a focus on multi-year cost optimisation rather than pure cost reduction.
This presentation will focus on the importance of striking a balance between enabling a business and defending the operations in the face of tightening budgets.
A recommended approach is to establish a baseline by assessing current cybersecurity spend against the maturity of the organisation to identify cyber cost optimisation opportunities. Once a baseline is established, develop a strategic roadmap and operating model to execute, realise and measure the prioritised cost optimisation options.
The presentation will then shift to discussing the key strategies for cost optimisation:
- Operating Model - Establishing an efficient operating model for Cyber Security by defining ownership and accountability for each function. A risk-based, agile approach to cybersecurity enables collaboration, implementation and continuous improvement.
- Tools Rationalisation - Rationalise cyber security technologies by identifying duplication of capabilities and functions across the enterprise. Assess security technology investments against defined and approved security use cases. Perform ongoing analyses of the enterprise landscape in terms of licenses, applications and tools, and form a view on where expansion and consolidation are possible.
- Process Optimisation - Convergence of GRC processes and enablement through technology to optimise the processes. Agile organisations can more effectively allocate available resources to adequately fund prioritised risk and compliance processes.
- Intelligent Automation - Automate manual processes using artificial intelligence and machine learning to drive efficiency, for example by automating and orchestrating cyber hunting, containment, response and remediation. This can relieve security teams of the necessary but repetitive tasks that consume valuable time and increase costs.