Justifying IT budgets is tough, but if we shift to a more realistic cybersecurity mindset, maximizing every cent spent becomes easier

The old adage of “do more with less” is relevant to IT and security teams now more than ever. While budgets may be tightening, do any of us really imagine criminal enterprises to be facing similar pressures to cut costs and to let up on the cyberattacks cadence?

Security leaders are being asked to perform miracles: improve cyber resilience and protect against cyber threats with tight budgets and resources stretched beyond capacity. Many open roles remain unfilled and after several challenging years, burnout is a real issue among security teams.

To stay effective, perhaps now is the time to consider new strategies that can deliver the greatest and most consistent return on their investments. Here is how get the best ROI out of your cybersecurity investments:


Andrew Kay, Director Systems Engineering, Illumio Asia Pacific

    1. Quantify the impact of your strategy
      We are either reducing costs, helping to drive revenue or are reducing risk to the business. But can you quantify it? Security teams need to be able to illustrate the impact and benefit of the technology they are implementing. Ask your security vendors how they can help you prove an ROI.

      It is important to understand what the impact of a breach could be, and what the high-risk areas of your network are. Determining the impact and consequence of a successful attack on each part of your environment will help you to illustrate the importance of fortifying your security posture in any given area and offer a road map of what to prioritize (i.e., think inside-out, focus on the most critical crown jewel systems and applications.

    2. Focus on surviving cyberattacks, not just preventing them
      One thing has become clear in recent years: breaches are inevitable. Despite our best attempts to fortify the perimeter and detect breaches as quickly as we can, attackers still break through and can often move undetected to reach their targets. The gap between compromise and detection remains too wide. Lateral movement of malware or an adversary remains an unsolved problem.

      This is why prioritizing how you will survive an inevitable breach is critical to realizing a high return on your security investment. How will you keep your most essential data and systems secure, even when an attacker has already come inside the network?

    3. Prioritize technologies that scale with your business
      Choose technology that is fit for a modern enterprise IT architecture and can be used by the people in your organization anywhere. Software should be dynamic, adaptive, safer and should not be dated in 12 months’ time.

      For example, Zero Trust Segmentation (ZTS) is a modern security approach purpose built to contain and minimize the impact of breaches and ransomware. Unlike prevention and detection technologies, ZTS contains the spread of breaches and ransomware across the hybrid attack surface by continually visualizing how workloads and devices are communicating, automatically isolating breaches by restricting lateral movement proactively or during an active attack. Recovery costs can also be controlled due to the reduction of the amount of time it takes to get the lights back on following a cyber incident.

    4. Control your recovery costs
      Many cyber insurance policies today are mandating that organizations applying for cover have some form of zero trust approach. Premiums are soaring and coverage amounts diminishing as insurers get better at pricing cyber risk and learn from paying out for breaches that businesses could have contained or prevented.

      Some insurers will not even cover ransomware. If your organization has invested in technology to ‘contain’ data breaches, your cyber insurance premiums and coverage should improve. Be sure to ask about the impact of well implemented cybersecurity measures on coverage and costs.

So we can see that data breach prevention alone is not enough for good security ROI: building resilience is. While preventing all breaches is unrealistic, the focus must be on containing any and every breach, stopping its spread and ultimately limiting the damage.

As part of calculating an ROI on cyber spend, security teams need to shift thinking to breach-containment and consider how new controls can demonstrably and quantifiably uplift overall the organization’s cybersecurity posture.