TECH INTELLIGENCE: The new imperative

Listen to this article

An uncertain economy is driving many companies to look for ways to cut back on spending, which is not unusual. But some companies are gutting their cybersecurity activities, which will only harm them in the end.

The recent spiral of interest rates and other costs have spurred many businesses across industries to tighten their belt. Increasingly, chief information officers and other cybersecurity professionals are being asked to improve digital defenses with historically small budget increases (4%, down from the standard 8%) or, in some cases, they are being asked to spend less. But taking an ax to cybersecurity programs is a short-term solution that will ultimately drive costs even higher, since cybercriminals are not pulling back on their efforts.

Further, ongoing digital transformation – or the integration of digital technology into all areas of business – increases the number of threat vectors available to cyber criminals and increases the impact of any disruption, even as attackers use artificial intelligence and other new technologies to launch deadly incursions.

During a tight economy, businesses can maintain their security posture while reducing their cost structure. A good starting point is to consider a company’s return on cybersecurity investment. This approach will consider issues like aligning a company’s spending with its risk appetite. An experienced cybersecurity consultant can work with clients to quantify the impact of incidents and their follow-on effects and identify areas where the business’s investment may be exceeding the spend that is necessary to meet its risk profile.

The budget pullback among businesses has prompted some cybersecurity providers to announce significant layoffs. In a June email to employees explaining a 50-person reduction, the CEO of one company explained the decision by noting “economic conditions that are affecting the industry and our customers in Q1 of this year brought additional pressures on the business. After painstaking deliberation, we are implementing a layoff of roughly 9% of the company’s employees, which equals 50 of our teammates, as well as making other adjustments to the business …”

In August, a publicly held cybersecurity company announced it would “simplify and scale” its operations by “restructuring and reducing our workforce by approximately 15%.”

Then in September, according to published reports, a Microsoft cloud tools vendor announced it was dropping some 140 employees, including engineers and partner account executives, due to “current market conditions.”

But a business chief information security officer – or other senior-level executive who oversees an organization’s information, cyber, and technology security – can shave expenses by working with a cybersecurity provider to prioritize project portfolios. Often, initiatives have been built up on a piecemeal trajectory over multiple years, so businesses that evaluate ongoing projects – while resolving conflicts and overlaps, and balancing cost and risk reduction – can achieve reasonable cybersecurity cost cuts without increasing risk.

A security operation review can also add value by identifying areas where capability and resources can be aligned with cybersecurity performance requirements. For example, operational efficiency may be improved by automating certain processes. Improving the operating model of a business can also enhance security operations. Chief information security officers or other responsible leaders can optimize their staffing and organizational activities by identifying overlapping roles and duplicate processes, ensuring that staff members are spending their time on activities that drive the biggest risk reductions.

Big cost reductions may also be achieved with relatively simple steps, like training employees to be aware of best cybersecurity practices — some reports note that 95% of successful cybersecurity breaches resulted from human error.

Cost control is the new imperative, and cost-cutting pressures are unlikely to ease. But skillful management can help to restrain costs. Even when budgets were bigger, it was a good idea to review cybersecurity spending — however, given today’s challenging environment, it is essential to trim the fat without gutting cyber defenses.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.