The new year is here—and so is your newly approved cybersecurity budget! Now that you’ve made it through all the negotiations to secure the budget, it’s time for the fun part: divvying up your funds in a way that maximizes both investment and security.
The right approach to cybersecurity spending should involve an assessment of risks across your IT environment influenced by real data and expert security advisors. When combined with analytical insights, this method will help you balance and allocate funds across cost centers, cybersecurity risks, and innovation opportunities.
1. Assess everything
Your coworker probably thinks a fleet of hoverboard devices will be the most beneficial investment for your company, and while he might not be entirely wrong, it just goes to show that starting your budgetary planning with an assessment is vital. You need to weigh the pros and cons of everything, especially when it comes to security, to get a complete picture of value and need.
To start, CSO’s Scott Schlimmer recommends using an industry-accepted framework, such as the NIST Cybersecurity Framework or ISO 27001, to identify weaknesses in your organization. NIST and ISO frameworks are designed as high-level, strategic frameworks for organizations in many industries rather than prescriptive checklists for a specific company, so you should balance your framework with other sources of data, such as help-desk tickets that show where your IT team spent time in the previous year.
Leveraging expert assistance, such as HP Security Advisors, can also help you fill in any gaps and cover all your bases by providing you with granular insight into risks you may not have even realized exist in your environment, such as unprotected business printers.
2. Mitigate risks and address cost centers
A cybersecurity budget plan should provide a clear pathway to different types of value, such as risk mitigation or productivity gains. Smart investments could reduce your risk of experiencing a highly expensive data breach or save you money on heavily manual penetration testing activities. They could also address components of the infrastructure that sap your time and budget due to complex management requirements or unpredictable maintenance needs.
The most important cost centers to address are ones with a widespread impact on your team, such as legacy equipment that requires constant fixes from the IT team. Addressing cost centers in your IT environment could provide the opportunity to upgrade to next-generation solutions that enable better management and long-term productivity gains. For instance, replacing legacy printers with more modern multifunction printers could mean fewer repairs, resulting in more uptime.
3. Invest in innovation
Innovation spending can have clear benefits for the entire organization. According to a recent global survey by Vanson Bourne, 84 percent of companies that dedicate resources to test emerging technologies achieve increased revenue. However, few companies have the capacity to actually deploy new technologies; 77 percent of companies say they use too many IT resources just “keeping the lights on,” and 74 percent report that vendor lock-in restricts their ability to innovate.
If your IT team has enough cybersecurity budget to play with blockchain in an on-site innovation lab, you should count yourself lucky. For many organizations, the right-sized approach to innovation spending involves resource optimization. Upgrading an endpoint device to a solution with automation, for instance, could free up staff resources to participate in more strategic tasks.
If you’re looking for inspiration, whether big or small, the annual list of key information technology trends from Gartner offers 10 strategic predictions that could shape how you invest improvement funds, ranging from obvious technologies to more far-out capabilities. Two predictions of note:
- Autonomous things: The world is becoming smarter and more connected thanks to advancements in “autonomous things,” such as AI and IoT devices. Again, the best way to pursue IoT innovation is likely by replacing your existing office architecture with smarter connected devices, especially when there’s an opportunity to create security improvements in an endpoint device. HP printers, for example, come with built-in device security features, like real-time threat detection, automated monitoring, and software validation, allowing them to detect and self-heal from malware attacks. That’s less time you have to spend worrying about a connected device and more time you can spend strategizing.
- Augmented analytics: This tech category consists of embedded analytical capabilities and platforms for citizen data scientists. Investing in analytics capabilities is a wise move when it involves upgrading to office technology with built-in intelligence to make your team more productive and proactive. That said, you should avoid devices that offer real-time data streams without a clear business use, because storing big data is a logistics and cybersecurity budget nightmare.
Increasingly, businesses are realizing that cybersecurity risks aren’t just an IT problem. Security risks that result in a data breach are a business risk. CEOs and CFOs are taking security more seriously, so it’s up to you to allocate your cybersecurity budget optimally. Make sure you’re truly addressing the greatest cost centers and risks—and save some resources for innovation.