Six things you should be spending your cybersecurity budget on

Introduction: Plan to increase your focus on cybersecurity

Cybercrime activity is escalating, both in the number of incidents and in their sophistication. It’s normal that companies are focusing on cyber-resilience by investing time, effort and resources in improving their security posture in an effort to withstand an ever-evolving threat landscape. Although still not a sizable part of the total business expenses budget, cybersecurity spending is nevertheless increasing for many organizations in the hope of protecting digital assets.

Simply investing larger amounts of money, however, is not a remedy and does not ensure higher resiliency for the organization. Spending wisely and appropriately is the true challenge, so as to maximize the Return on Investment (ROI). A high priority is not only to identify the strengths and weaknesses of the current infrastructure and discover where cybersecurity needs improvement, but also to look at which assets are worth defending and the most effective (and cost-effective) way to do so.

It is also important to recognize that technology alone is not enough to safeguard the workplace. The role of the workforce in cybersecurity is growing.

Cybersecurity spending trends on the rise

Pinpointing exactly how much a company spends on IT security is difficult, as research and advisory company Gartner explains. Security costs are often hidden in other purchases or services. For example, they could be related to the addition of security features in production software, or to training that is normally mandated and paid for by HR. “Gartner’s view is that enterprises should be spending between 4 and 7 percent of their IT budgets on IT security: lower in the range if they have mature systems, higher if they are wide open and at risk.” This would include “explicit security spending [that] is generally split among hardware, software, services (outsourcing and consulting) and personnel.”

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/AT26p_erzG4/