How Not to Waste Money on Cybersecurity

Security should be every enterprise’s top priority. Just remember that simply throwing money at the problem isn't the answer.

InformationWeek

August 18, 2022


Throwing money at security threats may be good exercise, but it won't do much to deter data thieves, ransomware bandits, and other bad guys.

While enterprise security leaders usually do well at estimating threats and vulnerability, they often lack the ability to accurately assess business risk when making the case for sufficient security funding. “Cyber risk and its business impact is often put into technical language that the C-suite does not understand,” says John Gelinne, managing director, cyber and strategic risk, at business and advisory firm Deloitte. “As a result, translating threats and vulnerabilities into justifiable investments is often left to the tech team’s experience and judgment -- insights that often trail evolving cyber threats.”

Common Mistakes

A common way enterprises waste money on IT security is by basing their security plans and budgets on the latest cybersecurity trends and on what other organizations are doing. “Each organization's security needs will differ based on their line of business, culture, people, policies, and goals,” says Ahmad Zoua, director of network IT and infrastructure at Guidepost Solutions, a security, investigations, and compliance firm. “What could be an essential security measure to one organization may have little value to another.”


Poor planning and coordination can lead to needless duplication and redundancy. “In large organizations, we frequently see many products and platforms that have the same or similar capabilities,” says Doug Saylors, cybersecurity co-leader for technology research and advisory firm ISG. “This is typically the result of a lack of a cohesive cybersecurity strategy across IT functions and a disconnect with the business.”

Organizations often layer security products on top of each other year after year. “As security teams and leadership, such as CISOs, leave the organization, new team members and leaders bring in new security products,” says Charles Everette, director of cybersecurity advocacy for cybersecurity firm Deep Instinct. “As the security solutions pile up, there's a tremendous amount of wasted resources and capital as solutions -- basically shelfware -- don't perform as expected due to not being updated nor keeping up with newer and more sophisticated attacks.”

...

Read the full article on our sister site, InformationWeek.

 
