You are here

You are here

Make your security spend last by investing in cyber resilience

Joe McMann CSO and Strategy Lead, Capgemini Cyber

It’s one of the fastest-growing industries in the world, with the need for talent so extreme that it faces a forecast global workforce deficit exceeding 4 million. Cybersecurity affects nearly every aspect of our day-to-day lives, from how we shop and pay bills to the devices we use at our jobs, in our homes, and in our cars. As consumers in this intricately connected world, we’re trusting that the companies we do business with are protecting our personal information. The places where we bank, receive healthcare, and purchase groceries need to have reliable defenses to shield our data from attackers.

Now, the pandemic is bringing cybersecurity to the forefront, under an even brighter spotlight than before, as the world shifts toward being fully digital. A situation where employees are commonly working from home provides more opportunities for hackers—a result of the change in the attack surface and work environment. How can businesses ensure that their cybersecurity programs have the scope, scale, and resilience in place to defend against this rapid surge of online traffic?

The natural answer would be to purchase more tools and expand teams to have the resources to detect threats across this expanding footprint. According to a 2019 Forrester report, cloud security spending is expected to increase by nearly 18% by 2023, reaching $12.7 billion.

Budgets for the machine learning and behavioral analytics portions of AI in cybersecurity were also expected to increase in 2020, with 48% of organizations surveyed by the Capgemini Research Institute saying they anticipated upping their spend by nearly 30%. In one leading analyst firm’s recent industry survey, nearly half of the respondents said their cybersecurity spending was increasing, and nearly a quarter of respondents said spending was staying the same.

At Capgemini, we see three scenarios emerging. 

1. Increasing resilience

Some companies are increasing the amount they are spending on cybersecurity, because they have taken on new challenges and risks emerging from the pandemic. Many have found themselves suddenly thrust into serving a critical role in our society, while others have had to change their operating models entirely. These organizations have had to bolster their cybersecurity posture or initiate new projects in order to maintain operational resilience and ensure they can operate their business and support their customers.

2. Staying steady

A percentage of organizations is staying steady with the amount they are spending, because their particular business reality hasn’t changed much in the current situation. Many businesses were already used to operating with a largely remote workforce, and their services and solutions haven’t faced major disruption. They may be shifting resources, pushing out timelines, or reprioritizing efforts, but their overall commitments and associated budgets have not been drastically changed.

3. Cutting back

Some businesses dealing with the realities of the current crisis need to look at all options when evaluating where to reduce costs. That means all things are on the table, including cybersecurity. Thankfully, so far, as shown by the survey data, this has proved to be the exception rather than the rule.

Cyber resiliency for all three

Still, organizations can secure their businesses now and into the future by concentrating on achieving cyber resiliency. Succeeding during difficult times requires a foundation based on fundamental cyber practices that keep pace with the industry’s continuous developments and a synchronized connection across people, process, and technology that allows the program to operate as one unit. By implementing a unified defense strategy, cybersecurity programs can increase effectiveness, efficiency, and adaptability—capabilities that are essential to navigating through unexpected, long-lasting disruptions.

Build a strong foundation

Companies need to assess where they are today, what their near-term operating model is, and what their long-term prospects may hold. Companies that know where their gaps are can use that knowledge to their advantage, picking and choosing the right skills, playbooks, and optimized technologies for their particular cyber context to succeed. There isn’t one prevailing trend when making decisions that are this difficult, but at the core of every resilient cybersecurity program is a strong foundation that is built to last, thriving through any budgetary modifications that need to be made.

Don’t stop evolving

The important thing for cybersecurity leaders to understand is that, even if budgets decrease and resources become scarce, there will still be a way to address, maintain, and perhaps increase their organization’s cyber resilience, effectiveness, and efficiency. Enterprise security is not a binary “on or off” scenario. It’s a spectrum of options that need to be continually evaluated. Look for ways to invest and concentrate on strengthening weaker areas while enhancing mature capabilities to keep up with the ever-evolving threat landscape. That’s the best way for organizations to stay one step ahead of adversaries.

Enterprise security is not a binary “on or off” scenario. It’s a spectrum of options that need to be continually evaluated.

Work in unison

Applying the right balance of people, process, and technology and ensuring that those three are working in concert is the key to answering whatever challenges we all are facing. Look at cybersecurity like a journey, where there is more than one path to take. Sometimes companies need to take a different route or perhaps even backtrack, but even amid a pandemic they can still keep an eye on the long-term objective: to defend their business and protect their customers.

Now is the time to connect operations and make improvements while ensuring that the core pieces of your cybersecurity program are fundamentally sound. When disruptions occur—especially those which impact organizations economically—the cyber resilience built into your organization can withstand the unexpected challenge. Enterprises that use this time to bolster their defenses and make resiliency a priority will get the future results they want.

Keep learning

Read more articles about: SecurityInformation Security