CXOs looking for ways to tighten their belts may be forgiven for taking a long look at their security budgets, as Gartner forecasts spending on security technology and services will grow annually at 11% over the next four years. If the frequency and cost of ransomware and other cyberattacks don't give them pause, rapidly evolving regulatory and compliance requirements should. As a result, many executives are examining ways to streamline and reprioritize, rather than reduce, their security budgets. The toll of all breaches keeps rising - Ponemon reports the average breach now costs $4.45 million, an increase of over 15% since 2020. The true cost of a ransomware attack can far exceed the actual ransom. As a result, rather than cutting security budgets, 51% of organizations plan to increase security investments, especially for incident response planning and testing, employee training, and threat detection and response tools. Game-Changing Regulatory and Compliance Requirements The Securities and Exchange Commission's recently announced cybersecurity disclosure and reporting regulations should also serve as a wake-up call for many companies. Further, organizations must publish their cybersecurity risk management, strategy, and governance approaches in their annual reports. The business costs for regulatory noncompliance are also becoming more significant, as companies should expect increased fines or sanctions. Organizations without effective, well-coordinated, and compliant security responses may experience reputation damage, customer loss, and lower stock price valuations. These regulatory changes suggest increased security spending rather than budget cuts. Organizations will need to revamp processes, toolkits, and reporting protocols to improve cybersecurity threat response and their level of security expertise. A detailed infrastructure audit can uncover opportunities to reduce or reallocate spending. The rapidly changing security landscape means that last year's funded priorities may not deliver the same results in next year's budget. Prioritizing and funding the top issues can help reallocate security funding for the greatest impact. Moving to the cloud can lower infrastructure costs, reduce management requirements, and speed applications development and rollout times. Cloud migration can also reduce capital and human resource costs. Integrating network operations center and security operations center functions can optimize resource utilization and lower costs. Security Remains a Top Priority While organizations search for ways to cut costs in an uncertain economy, they also face more frequent and destructive cyberattacks and a rapidly changing regulatory landscape. Finding efficiencies and reprioritizing resources, rather than cutting security budgets, can help companies reduce risks and maintain an effective security infrastructure.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000