How Not to Waste Money on Cybersecurity

Security should be every enterprise’s top priority. Just remember that simply throwing money at the problem isn't the answer.

2 Min Read
How Not to Waste Money on Cybersecurity
(Source: Pixabay)

Throwing money at security threats may be good exercise, but it won't do much to deter data thieves, ransomware bandits, and other bad guys.

While enterprise security leaders usually do well at estimating threats and vulnerability, they often lack the ability to accurately assess business risk when making the case for sufficient security funding. “Cyber risk and its business impact is often put into technical language that the C-suite does not understand,” says John Gelinne, managing director, cyber and strategic risk, at business and advisory firm Deloitte. “As a result, translating threats and vulnerabilities into justifiable investments is often left to the tech team’s experience and judgment -- insights that often trail evolving cyber threats.”

Common Mistakes

A common way enterprises waste money on IT security is by configuring their security plans and budgets based on the latest cybersecurity trends and following what other organizations are doing. “Each organization's security needs will differ based on their line of business, culture, people, policies, and goals,” says Ahmad Zoua, director of network IT and infrastructure at Guidepost Solutions, a security, investigations, and compliance firm. “What could be an essential security measure to one organization may have little value to another.”

Poor planning and coordination can lead to needless duplication and redundancy. “In large organizations, we frequently see many products and platforms that have the same or similar capabilities,” says Doug Saylors, cybersecurity co-leader for technology research and advisory firm ISG. “This is typically the result of a lack of a cohesive cybersecurity strategy across IT functions and a disconnect with the business.”

Organizations often layer security products on top of each other year after year. “As security teams and leadership, such as CISOs, leave the organization, new team members and leaders bring in new security products,” says Charles Everette, director of cybersecurity advocacy for cybersecurity firm Deep Instinct. “As the security solutions pile up, there's a tremendous amount of wasted resources and capital as solutions -- basically shelfware -- don't perform as expected due to not being updated nor keeping up with newer and more sophisticated attacks.”

Read the rest of this article on InformationWeek.

Related articles:

About the Author(s)

John Edwards, Featured Contributor

Technology JournalistA veteran technology journalist, John Edwards has written for a wide range of publications, including the New York Times, Washington Post, CFO Magazine, CIO Magazine, InformationWeek, Defense Systems, Defense News/C4ISR&N, IEEE Signal Processing Magazine, IEEE Computer, The Economist Intelligence Unit, Law Technology News, Network World, Computerworld and Robotics Business Review. He is also the author of several books on business-technology topics. A New York native, John now lives and works in Gilbert, Arizona.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights