Worldwide spending on IT security is expected to reach $172 billion in 2022, according to Gartner. At the same time, enterprises need to plan their cybersecurity budgets carefully: the threat landscape evolves quickly, and in-house capabilities for effective cyber defense are limited. There is a wide choice of solutions covering every layer from anomaly detection to response, but buying one does not by itself guarantee that a risk is mitigated.
Some solutions overlap, and organizations can approach cybersecurity cost optimization from a new angle by evaluating their risk appetite carefully, choosing the right technology, and handing to managed service providers the tasks that are too costly to perform in-house. Let's explore ways to achieve an efficient operating model and optimize security costs without sacrificing the essentials.
Sometimes organizations spend more protecting an asset than the asset would cost to lose. Their expenses become hard to justify, and the reaction is often a budget cut for the whole SOC department. For example, a company spends $1.5 million on incident response capabilities for a risk whose realization would cost it at most $400,000. Here the security spend exceeds the potential loss, and the company loses money on the control itself. To avoid this, the cybersecurity budget needs to be evaluated against potential losses, control by control.
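The comparison above can be made systematic with the standard quantitative risk terms: single loss expectancy (cost of one incident), annualized rate of occurrence, and the fraction of expected loss a control removes. The following is an added example, not part of the original article, that generalizes the $1.5 million versus $400,000 case into a small model ranking controls by return on security investment. The dollar figures for the first control are the article's; the rate of occurrence, the mitigation ratios and the second control are assumptions made up for the illustration.

```python
"""Compare security spend with the loss it is meant to prevent.

Added example, not from the original article or any vendor. The $1.5M spend
and $400k exposure are the article's numbers; every other input (rates of
occurrence, mitigation ratios, the second control) is an assumption a real
assessment would have to supply from its own data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float   # what the organization pays for the control per year
    sle: float           # single loss expectancy: cost of one incident
    aro: float           # annualized rate of occurrence: incidents per year
    mitigation: float    # fraction of the expected loss the control removes (0..1)

    def ale_before(self) -> float:
        """Annualized loss expectancy without the control: SLE x ARO."""
        return self.sle * self.aro

    def ale_after(self) -> float:
        """Annualized loss expectancy that remains with the control in place."""
        return self.ale_before() * (1.0 - self.mitigation)

    def rosi(self) -> float:
        """Return on security investment: (risk reduced - cost) / cost.

        Negative means the control costs more than the risk it takes away.
        """
        risk_reduced = self.ale_before() - self.ale_after()
        return (risk_reduced - self.annual_cost) / self.annual_cost

    def overspends(self) -> bool:
        """True when the control costs more than the total loss it could ever prevent,
        i.e. even a perfectly effective control would not pay for itself."""
        return self.annual_cost > self.ale_before()


def review_portfolio(controls):
    """Rank controls by ROSI, best first; each row carries an overspend flag."""
    rows = [(c.name, round(c.rosi(), 2), c.overspends()) for c in controls]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed inputs. The first control mirrors the article's example with the
# most generous assumptions (one incident a year, 100% effective); it still loses.
EXAMPLE_CONTROLS = [
    Control("incident response", annual_cost=1_500_000, sle=400_000, aro=1.0, mitigation=1.0),
    Control("managed detection", annual_cost=50_000, sle=2_000_000, aro=0.1, mitigation=0.6),
]

if __name__ == "__main__":
    for name, rosi, over in review_portfolio(EXAMPLE_CONTROLS):
        print(f"{name:20s} ROSI={rosi:+.2f} {'OVERSPEND' if over else 'ok'}")
```

The `overspends` check is the quick screen: a control whose annual cost exceeds the annualized loss it addresses cannot be justified on risk grounds no matter how well it works. ROSI then orders the remaining controls, which is the per-solution cost-benefit view the article asks for.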
One way to optimize costs is to leverage shared cybersecurity practice through third-party solutions such as SOC Prime's Detection as Code platform, which gives organizations curated detection content from seasoned cybersecurity experts in less than 36 hours after a threat is discovered.
It is also useful to plan a cybersecurity budget using benchmark research. For instance, IBM's Cost of a Data Breach Report gives highlights worth considering when optimizing security costs in the long run:
Acknowledging these metrics gives a clearer picture, but relying solely on industry averages may not suit a particular business. The finance department, in collaboration with executives and the Board of Directors, should conduct its own risk assessment and weigh the cost and benefit of each cybersecurity solution individually as well as of the suite as a whole. Even substantial investments can turn out to be ineffective and leave the organization exposed to cyber-attacks. Risk appetite and risk tolerance also differ by sector of the economy, business processes, and company size.
When budgeting for cybersecurity, consider a proactive approach that puts the primary goals, closing security gaps and increasing effectiveness, first. A simple cost reduction is no better than overspending if it does not help protect the organization.
To optimize a cybersecurity budget successfully, here is what KPMG experts suggest:
1. Transition repetitive tasks to third-party service providers
2. Automate and de-layer security processes wherever possible
3. Develop project rationalization to avoid an abundance of overlapping or underutilized solutions
4. Perform value-driven renegotiation with service providers
5. Migrate backup and disaster recovery strategy to the cloud as suggested by Microsoft
6. Pause discretionary spending and testing activities
7. Consider workforce optimization like repositioning full-time equivalents (FTEs) to value-driven roles, reallocation of skills, talent sharing
8. Reassess the delivery of key metrics like the relevance and amount of processed data, level of threat exposure, and the applicability of regulatory requirements
Today's cybersecurity market offers many promising solutions, which often come at a high cost and require advanced engineering skills to set up and maintain. An organization might spend a significant budget expecting the highest security standards, yet the risk does not shrink merely because the software has been purchased. Conversely, management can chase cost reduction blindly, forgetting that they expose the business to even higher risks if basic cybersecurity needs are not met.
Ultimately, most cybersecurity measures are contextual to each organization, and there is no gold standard such as spending 7% of the overall IT budget. Every company should assess its specific risk exposure and security strategy carefully before deciding to implement a solution or discontinue one.
Another widespread issue is the lack of time and expertise to run a viable security strategy. Even after a SIEM or other security solution is deployed in the SOC, continuous work remains, such as integrating data sources and ongoing management. Here the repetitive tasks can be outsourced to a reputable third-party provider. Cost-efficient tooling for cross-tool content migration can also be a reasonable investment. For example, organizations can use tools like Uncoder.IO, an online translation engine that instantly converts generic Sigma-based threat detection content into a variety of SIEM, EDR, and NTDR formats.
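The Detection as Code idea mentioned earlier and the Sigma translation mentioned here rest on the same mechanism: a rule is kept once as vendor-neutral text and rendered into each backend's query language. The following is an added example, not SOC Prime's or Uncoder.IO's code, of a deliberately small translator covering the Sigma subset most rules use (field maps, value lists, the contains/startswith/endswith modifiers and and/or/not conditions). The rule is constructed for the example and is written as the dict PyYAML would produce from a Sigma YAML file; the ConfigMgr allow-list filter is hypothetical, and the two output dialects (Splunk SPL and Lucene query-string syntax) show why a rule maintained in Sigma is cheaper to migrate than one written per tool.

```python
"""Translate a Sigma detection into two SIEM query dialects.

Added example, not SOC Prime's or Uncoder.IO's code. Covers only a small
Sigma subset; real translators also handle full-text keywords, aggregation
conditions, field-name mappings per log source and many more modifiers.
"""
import re

# Constructed rule, already parsed from YAML (keys as in the Sigma specification).
SIGMA_RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand"],
        },
        # Hypothetical allow-list for a management tool that legitimately uses -enc.
        "filter": {"ParentImage|endswith": "\\ConfigMgr.exe"},
        "condition": "selection and not filter",
    },
}

# Per-backend rendering: template for one field test, and how to escape a value.
# Splunk quotes values and needs backslash/quote escaping; Lucene query_string
# leaves values bare and escapes its reserved characters (space included).
BACKENDS = {
    "splunk": {
        "tmpl": '{f}="{v}"',
        "esc": lambda s: s.replace("\\", "\\\\").replace('"', '\\"'),
    },
    "lucene": {
        "tmpl": "{f}:{v}",
        "esc": lambda s: re.sub(r'([\\+\-!(){}\[\]^"~?:/ ])', r"\\\1", s),
    },
}


def _render_value(field: str, value, backend: str) -> str:
    """Render one field/value pair, turning Sigma modifiers into wildcards."""
    name, _, modifier = field.partition("|")
    b = BACKENDS[backend]
    v = b["esc"](str(value))
    if modifier == "contains":
        v = f"*{v}*"
    elif modifier == "startswith":
        v = f"{v}*"
    elif modifier == "endswith":
        v = f"*{v}"
    elif modifier:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    return b["tmpl"].format(f=name, v=v)


def _render_search(search: dict, backend: str) -> str:
    """A Sigma map is an AND of its fields; a list of values for one field is an OR."""
    clauses = []
    for field, values in search.items():
        values = values if isinstance(values, list) else [values]
        alts = [_render_value(field, v, backend) for v in values]
        clauses.append(alts[0] if len(alts) == 1 else "(" + " OR ".join(alts) + ")")
    return "(" + " AND ".join(clauses) + ")"


def sigma_to_query(rule: dict, backend: str) -> str:
    """Expand the search identifiers in the condition into the backend's syntax."""
    detection = rule["detection"]
    rendered = {k: _render_search(v, backend) for k, v in detection.items() if k != "condition"}
    out = []
    for tok in detection["condition"].split():
        if tok in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in rendered:
            out.append(rendered[tok])
        else:
            raise ValueError(f"unknown search identifier in condition: {tok}")
    return " ".join(out)


if __name__ == "__main__":
    for backend in BACKENDS:
        print(f"[{backend}] {sigma_to_query(SIGMA_RULE, backend)}")
```

Note that the two outputs differ in escaping as well as in operators: the same `\powershell.exe` suffix becomes `"*\\powershell.exe"` for Splunk but a bare `*\\powershell.exe` for Lucene, and the space in `-enc ` must be escaped for Lucene only. Those are exactly the details that get wrong when analysts port rules by hand, and why keeping the canonical copy in Sigma and generating backend queries is the cheaper operating model.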