Historically , the fear of cyberthreats put organisations and their security operations teams on the defence . So much so , they still strive to design security plans that try to protect every part of their infrastructure .

With the overwhelming number of systems for organisations to protect and the growing cyberthreat landscape , the ‘ more is better ’ model , although logical at the beginning of the cybersecurity battle , is simply no longer sustainable .

According to Statista , spending on global Digital Transformation is projected to reach US $ 1.8 trillion by the end of 2022 and by 2025 , it ’ s forecast to reach US $ 2.8 trillion . Today ’ s IT environments are continuously expanding as organisations adopt new technologies while also running existing legacy systems . On top of this , more organisations are now exploring the option of adding Internet of Things ( IoT ) capabilities to their operations .

Unless organisations are armed with a huge cybersecurity budget and unlimited resources to manage all applications , keeping up with the continual and accelerating change in the technology environment won ’ t work . Organisations need to readjust the ways they are distributing their cybersecurity budgets to realise greater efficiencies .

A new approach from CISOs

The cost of having well-trained analysts onsite 24 × 7 outweighs the benefits for almost every organisation . CISOs must take a more targeted approach when planning their cybersecurity budget . This will help them achieve a ‘ risk optimisation ’ process to ensure cybersecurity investments are guided by business outcomes .

FEATURE

With this approach , organisations can create a proactive cybersecurity and risk optimisation programme that helps answer the question : What is the right amount of cybersecurity to mitigate the priority risks ? Organisations must consider the following factors to achieve a targeted security budget for growth .

Moving away from the ‘ more is better ’ cybersecurity model

The rapid expansion of the cyberthreat landscape , combined with limited resources , has fuelled the need to rethink cybersecurity programmes .

Gartner estimates that cybersecurity spending in 2021 totalled approximately US $ 150 billion , up more than 12 % from 2020 . Yet , despite the higher investments , in cybersecurity , cyberattacks keep growing in number and advancing in complexity .

Most organisations acknowledge the need for a Security Operations Centre

( SOC ), but they are unsure about the implementation costs . Using a risk optimisation approach , organisations can discover how to build a SOC with limited resources .

Kev Eley , Vice President Sales , Europe at LogRhythm

Cyber risk optimisation is about understanding threats , priorities and business investments and using these insights to design a cybersecurity strategy that takes on the correct amount of risk . Aligning the cybersecurity policy with business objectives allows for the strategic funding of security operations resources .

A hybrid SOC ( combination of employees and outsourcing ) is the justright solution for many organisations that cannot justify the cost of a formal SOC and cannot tolerate the inadequate protection provided by an informal SOC . A hybrid SOC that finds a balance between people , processes and security information and event management www . intelligentciso . com

49