Why a bigger security budget won’t prevent an attack: Here’s a better approach

Why a bigger security budget won’t prevent an attack: Here’s a better approach

Enterprises must take a risk-based approach to stop cybercriminals, rather than only throwing money at the problem, according to Gartner.

 

https://www.techrepublic.com/videos/what-is-the-cios-role-in-cybersecurity-leadership/

 

Business growth and digital transformation are introducing new cyberattack vectors in the enterprise—but throwing money at the problem won’t help your company protect itself against such risks, according to a Tuesday Gartner report.

“Raising budgets alone doesn’t create an improved risk posture,” Rob McMillan, research director at Gartner, said in a press release. “Security investments must be prioritized by business outcomes to ensure the right amount is spent on the right things.”

In a survey of 3,160 CIOs across 98 countries and several major industries, 35% said their organization has already invested in and deployed some kind of digital security. Another 36% said they are actively experimenting or planning to implement this in the short term, the survey found.

Organizations spend an average of 5.6% of the overall IT budget on IT security and risk management, according to a previous Gartner report. However, IT security spending ranges from about 1% to 13% of the IT budget and can be a misleading indicator of program success, McMillan wrote in that report.

Instead, McMillan advocates for a risk-based approach to enterprise cybersecurity, in which businesses adapt their security techniques for the digital age, continuously assessing the ecosystem risk and changing plans as necessary.

“Taking a risk-based approach is imperative to set a target level of cybersecurity readiness,” McMillan said in the release.

The vast majority of CIOs surveyed (95%) said they expect cyberthreats to increase over the next three years. However, only 65% said their organization currently has a cybersecurity expert on staff. Digital security staffing shortages were named a top inhibitor to innovation, the report found.

“In a twisted way, many cybercriminals are digital pioneers, finding ways to leverage big data and web-scale techniques to stage attacks and steal data,” McMillan said in the release. “CIOs can’t protect their organizations from everything, so they need to create a sustainable set of controls that balances their need to protect their business with their need to run it.”

The big takeaways for tech leaders:

  • Raising security budgets alone doesn’t create an improved risk posture for enterprises. — Gartner, 2018
  • 65% of global CIOs said their organization currently has a cybersecurity expert on staff. — Gartner, 2018

 

Source:

By |2018-07-18T14:11:32+00:00July 18th, 2018|Uncategorized|0 Comments

About the Author:

DataField