Genuine resilience trumps seeking board recognition – Intelligent CISO


Cybersecurity investment must show ROI in the form of resilience, says Raghu Nandakumara, Head of Industry Solutions at Illumio 

1995 was a landmark year in tech. Netscape Navigator was launched and the commercial restrictions on the internet were removed, marking the beginning of the ‘Information Age’. Toy Story debuted as the first fully computer-generated film and Steve Katz at Citicorp became the first-ever CISO – a significant milestone in cybersecurity.

Fast-forward 30 years: the internet is ubiquitous, we’re on Toy Story 5 and the CISO role is more critical than ever.

But greater recognition brings more accountability and risk. Research from the Ponemon Institute shows CISOs are increasingly held solely responsible for ransomware threats. As a CISO, this means not only are you accountable for everything from data protection to policy and risk management, but you now risk becoming the scapegoat when something inevitably fails.     

Raghu Nandakumara, Head of Industry Solutions at Illumio

Resilience must take precedence over mere prevention. Today, your mandate isn’t to stop every breach, but to keep the business running when one inevitably happens.

How ransomware changed the game

Cybersecurity has never been just an IT problem – it’s a business risk. Attacks disrupt operations, damage trust, and cost millions. For Synnovis, the impact was catastrophic – estimated losses of £32.7 million, seven times its annual profit.

It’s not scaremongering; it’s a fact – 62% of UK organisations have had to shut down operations following a ransomware attack, according to Ponemon. Yet, despite this, just 19% of the IT security budget is focused on addressing the ransomware threat, with the majority prioritising prevention. Waiting for a breach to reprioritise or justify more funding isn’t an option – by then, it may be too late.

The ironic thing is that attackers aren’t doing anything new. They still exploit misconfigurations, lack of segmentation, outdated patches and poor access controls to move through organisations and reach critical systems. But the impact is getting worse.

Attackers don’t need to change their behaviour – why would they? It’s working. Defenders do. So, where should you start?

1. Adopt a proactive, resilience-first mindset

Despite good intentions, security is inherently reactive. Measures like meeting regulatory requirements or deploying firewalls focus more on responding to immediate risks than long-term strategy.

Whether the driver is ransomware, NIS2, DORA, or protecting the business’s bottom line, your goal today must be maintaining operational resilience. Prevention is important (and ideal), but security leaders are seeing smaller and smaller gains when attempting to improve prevention. So, the priority must be to build out controls that protect the most critical systems and reduce the blast radius of the inevitable attack.

2. Assess your current risk posture

You can’t limit the impact of attacks if you don’t understand your current risk posture. Start by identifying your most significant threats and determine which assets are most vulnerable to attack. How might threat actors exploit vulnerabilities? How prepared are you to respond?

Use frameworks such as the NIST Cybersecurity Framework to help measure and mature capabilities across key functional areas. Additionally, technologies based on AI security graphs are essential for providing a real-time, richly detailed view of all resources, their dependencies, and relationships.

AI security graphs allow you to map adversary behaviour and identify attacker connections and patterns, so you can anticipate risks that need to be addressed and gaps that are already being exploited. This supports the shift from reactive to proactive by prioritising what matters most, empowering you to make faster, more informed decisions.

3. Align security spend with risk

Once you know your risks, consider whether current cybersecurity investments focus on the right areas. Security spending is set to hit $212 billion in 2025, but breach costs are also rising, averaging $4.88 million in 2024. So, we’re effectively spending more for little gain.

Every pound must be spent on proactively improving cyber resilience rather than a short-term approach to filling individual security gaps. Audit your investments. Are they reducing meaningful risk, or patching over legacy gaps? Consider what will give you the biggest risk reduction for the lowest budget. Is there a better and simpler way to reduce ransomware risk that enables you to remove legacy security tools?

4. Implement a breach containment strategy

Containment is the most effective way to strengthen resilience against ransomware. This means prioritising rapid detection and containment of threats to minimise potential harm.

Start by identifying the most critical systems you must keep running in the event of an attack. Then, implement controls like segmentation to limit access, isolate attacks and prevent attackers from spreading laterally.

Even if one endpoint or server is compromised, attackers will hit a wall when they try to move further. Your most critical systems stay safe, your brand remains intact and your business keeps running.
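The containment step above can be sanity-checked with a blast-radius calculation: starting from one compromised host, which other hosts can an attacker reach over flows the network actually permits? The following is an added example, not code from the article or from Illumio; the six-host inventory, the tier labels and the allowlist rules are constructed for illustration. It compares a flat network (everything reaches everything) with a default-deny, tier-based segmentation policy, treating any allowed flow as a potential spread path (worst case).

```python
"""Blast-radius comparison: flat network vs. default-deny segmentation.

Constructed example: a six-host estate, a tier-based allowlist policy and a
breadth-first search over the flows the policy permits. Spread is modelled
worst-case: if a flow from a compromised host to a service is allowed, the
target host is treated as reachable by the attacker.
"""
from collections import deque

# Constructed inventory: host -> segment label (tier).
HOSTS = {
    "laptop-01": "user",
    "laptop-02": "user",
    "web-01": "web",
    "app-01": "app",
    "db-01": "db",
    "backup-01": "backup",
}

# Constructed allowlist: (source tier, destination tier, TCP port).
# Anything not listed is denied (default deny). Note that admin protocols
# such as SMB/445 and RDP/3389, the usual lateral-movement channels, are
# absent, and that user-to-user traffic is never allowed.
SEGMENTED_POLICY = {
    ("user", "web", 443),    # users browse the web front end
    ("web", "app", 8080),    # front end calls the application tier
    ("app", "db", 5432),     # application tier queries the database
    ("backup", "db", 5432),  # backup host pulls from the database
}


def flat_allows(src, dst, port):
    """Flat network: every host can reach every port on every other host."""
    return src != dst


def make_policy_check(rules):
    """Return an allow function that consults a default-deny tier allowlist."""
    def allows(src, dst, port):
        if src == dst:
            return False
        return (HOSTS[src], HOSTS[dst], port) in rules
    return allows


def blast_radius(start, allows, ports):
    """Hosts an attacker on `start` can reach transitively over allowed flows.

    Breadth-first search: each newly reached host becomes a new source.
    Returns {host: hop count}, excluding the starting host itself.
    """
    seen = {start: 0}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst in seen:
                continue
            if any(allows(src, dst, p) for p in ports):
                seen[dst] = seen[src] + 1
                queue.append(dst)
    del seen[start]
    return seen


def isolated_from(start, allows, ports):
    """Hosts that remain unreachable from `start` under the given policy."""
    reached = blast_radius(start, allows, ports)
    return sorted(h for h in HOSTS if h != start and h not in reached)


# Ports worth modelling: admin/lateral-movement channels plus the business flows.
PORTS_OF_INTEREST = [22, 443, 445, 3389, 5432, 8080]

if __name__ == "__main__":
    seg = make_policy_check(SEGMENTED_POLICY)
    for name, allows in (("flat", flat_allows), ("segmented", seg)):
        radius = blast_radius("laptop-01", allows, PORTS_OF_INTEREST)
        print(f"{name:9s}: {len(radius)} hosts reachable from laptop-01 -> {radius}")
    print("still isolated:", isolated_from("laptop-01", seg, PORTS_OF_INTEREST))
```

On the flat network a single compromised laptop reaches all five other hosts in one hop. Under the segmentation policy the peer laptop and the backup host are unreachable entirely, and the database is only reachable by chaining three separate allowed business flows (user to web, web to app, app to db). That chain is the useful output: it shows exactly which rules would need tightening, or which tier needs stronger controls, to keep the most critical systems out of reach.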

5. Speak the board’s language

Strategy means nothing without the board’s buy-in. That starts by shifting the narrative from tools and alerts to outcomes. Boards want to know that the business will be safe and operational if an attack happens and that regulatory penalties will be avoided.

Focus on how cybersecurity investments deliver measurable returns by reducing risk and boosting operational resilience. Take time to map the outcomes of investments to productivity, reputation and the bottom line – things that the board truly cares about.

Containment: a strategic career move

Cybersecurity is finally in the boardroom spotlight. But attention is fleeting and recognition is easily lost if the business suffers a catastrophic attack.

Breaches no longer just steal data; they disrupt operations, erode trust and have long-term financial repercussions. We must force attackers to change their behaviour to mitigate risks, but that will only happen when we change our own.

Prevention still matters, but resilience is what defines a modern security leader. Blocking every attack is unrealistic. What makes or breaks a business is how prepared it is and how swiftly it responds.

By embedding a breach containment strategy, built on visibility, segmentation and solid security hygiene, you can lead with confidence and reduce the impact of attacks before they occur.

It’s not surrender – it’s survival. Make resilience your legacy, so you and your business can withstand whatever comes your way.
