How chief information security officers can quantify the benefits of cybersecurity investments

GUEST OPINION: The adage, “What you don’t know can’t hurt you,” might be true for certain areas of life; however, it’s not the case with cybersecurity. Digital threats are morphing by the minute, posing a challenge for chief information security officers (CISOs): how do they show that their cybersecurity spending works and how can they calculate its return on investment?

Usually, when companies invest in technology, they expect positive financial results. With cybersecurity, however, the aim is risk mitigation. This means the financial benefits of cybersecurity are less certain and harder to predict, which can result in boards not dedicating enough of their IT budget to security.

Ilan Rubin, chief executive officer, Wavelink, said, “Imagine investing in considerable resources for a defence mechanism, only to question if it’s doing its job. When cybersecurity solutions consistently block and log threats, all could be well. However, the reality is that counting blocked threats is a vanity metric and the absence of incidents also does not prove strong cybersecurity protection. This makes it challenging to show tangible proof of an adequate cybersecurity investment.”

Here are four ways to understand (and prove) the value of a cybersecurity investment:

  1. Prioritise current and relevant threats

Focusing on the most pertinent threats to the organisation is essential. It’s not feasible to prepare for every conceivable threat, so narrowing the scope and understanding the specific risks relevant to the company is crucial. This approach requires understanding potential threats, determining their relevance to the sector, and crafting an effective communication strategy to keep all stakeholders informed.

  2. Benchmark and measure security effectiveness

To gauge security measures effectively, it is important to mimic genuine attacks and measure the defences against the prioritised threats. This practice alerts managers to any vulnerabilities and gives them a clear picture of where investment is necessary. Business leaders should also compare the time their organisation takes to detect and contain an intrusion against industry benchmarks. This will help them decide where to concentrate financial resources.

  3. Optimise security performance and determine the value of efficiency

Make continuous improvements based on regular feedback on security effectiveness. Identifying and rectifying security gaps, reassessing risk profiles as threats evolve, and making sure that security standards are maintained or enhanced should become routine practice. Modern cybersecurity tools can also augment staff efficiency. Endpoint detection and response solutions can eliminate and prevent threats rapidly, significantly increasing a team's effectiveness. This not only translates to cost savings but also eases the challenge of hiring skilled cybersecurity staff.

  4. Report on improvement over time

Securing stakeholder confidence involves sharing the results of cybersecurity measures over time. Adopting a risk-centric approach, as opposed to solely compliance-driven or incident-focused methods, provides a comprehensive evaluation of performance against real-world cyber threats. This type of reporting should include actionable insights, comparative data from past periods, performance metrics from different business units, industry benchmark comparisons, and alignment with standard cybersecurity frameworks such as NIST or ISO 27001.

Ilan Rubin said, “Every dollar spent on cybersecurity should validate its worth. CISOs need to have a clear understanding of the financial implications tied to their cybersecurity measures. Streamlining expenses, ensuring resources are used efficiently, and aligning every initiative with strategic business objectives are key aspects of this process.

“A formidable defence can only be built by increasing investments in proactive cybersecurity, which is why companies shouldn’t wait for a breach to reinforce their defences. Instead, all organisations must embrace a forward-looking approach, integrate advanced tools, and make data-driven decisions to ensure the resilience of their enterprise.”
