Spending Your Budget on the Right Security Tools
The cost of cyber-crime increases, yet firms still misdirect their priorities by spending on ineffective security tools instead of investing in new technologies.
Successful breaches per company have risen 27% annually, from an average of 102 to 130. Ransomware attacks alone have doubled from 13% to 27%.
Information loss represented the largest cost component, rising from 35% in 2015 to 43% in 2017.
Of nine security technologies, five had a negative value gap: The percentage spending level was higher than the relative value to the business.
Advanced perimeter controls: -4,
Extensive use of data loss prevention: -4,
Deployment of governance, risk, compliance: -3,
Extensive deployment of encryption: -2,
Automated policy management: -1
Three technologies had positive rank ordering by spending levels and cost savings.
Security intelligence systems: +6,
Use of cyber-analytics and user behavior analytics: +5,
Automation, orchestration and machine learning: +3,
Advanced identity and access governance: =
The two most widely deployed security technologies are security intelligence systems (67%) and advanced identity and access governance (63%). They deliver cost savings of $2.8 million and $2.4 million, respectively.
Spending on governance, risk and compliance technologies and automated policy management is not a fast track to increased security. They showed the lowest effectiveness in reducing cyber-crime costs (9% and 7%, respectively) out of nine security technologies.
Innovative technologies are generating the highest ROIs, yet investment in them is low. Cyber-analytics and user behavior analytics, as well as automation orchestration and machine learning ranked lowest for deployment (32% and 28%, respectively), but they provide the third and fourth highest cost savings.
Build cyber-security on a strong foundation. Invest in security intelligence and advanced access management, and recognize the need to innovate.
Perform extreme pressure testing. Don’t rely on compliance alone to enhance your security profile. Use extreme pressure testing to identify even the most highly motivated attacker.
Invest in innovation. Balance investments in analytics and artificial intelligence to enhance program effectiveness and scale value.