Why IT leaders are putting more business spin on security spend

CIO – Robert Scheier
Gartner projects that spending on information security and risk management products and services will grow 11.3% to reach more than $188.3 billion this year. But despite those expenditures, there have already been at least 13 major data breaches, including at Apple, Meta and Twitter.

To better focus security spend, some chief information security officers (CISOs) are shifting their risk assessments from IT systems to the data, applications, and processes that keep the business going.

A new definition of value

For internal enterprise security teams, Kim says to accept that security is a cost center and demonstrate how the CISO manages total cost of ownership over time. This might include updating CFOs and CEOs on specific cost reduction, such as reducing spend with a security vendor, finding a less expensive product to fill a security need, or improving internal metrics such as the average cost to mitigate a vulnerability, adds Tyson Kopczynski, SVP and CISO at financial services provider Oportun.

Christensen further suggests explaining how security can cut costs or increase productivity. Kopczynski adds that CISOs can uncover such improvements with questions such as whether their organization is using all the functions in a security tool, if those features overlap with other tools, and whether the organization is paying too much for licenses or for too many licenses. Ways to maximize value include considering tools that perform multiple security functions, or running penetration tests, attack simulations, or offensive security campaigns that prove a tool can repel high impact attacks, he says.

Understanding business needs

Aligning security spend with business needs starts with understanding what is most important to business managers.

Kim recommends using a “risk = impact x likelihood” formula, and understanding on a scale of 1 to 10 what your most important processes and assets are.

Applying caution with benchmarks

Several CISOs were skeptical about using benchmarks to compare their security spend with others. That’s because, they say, companies may define security spend differently or have different needs.
Link: https://www.cio.com/article/472730/why-it-leaders-are-putting-more-business-spin-on-security-spend.html

