When IT budgets tighten, it’s time for a back to basics approach to managing cybersecurity risk, writes Macrium’s Richard Gall.
Many businesses are feeling the effects of the pandemic, which might encourage them to reduce, delay or even cancel IT spending plans. Yet security risks have increased – due to the rise of remote working, a rise in targeted malware including phishing and ransomware, and customer behaviours increasingly fuelled by waves of misinformation and anxiety across the board, Gall suggests.
“Understanding the ROI of your IT and security spend is critical. Finance departments will always take a forensic approach to management spend — it’s the responsibility of IT leaders and decision makers to make the case for investments. After all, if they don’t evangelise for a secure and reliable IT system, who else will?” he says. “There are undoubtedly a variety of approaches that could be taken.”
The conclusion? Businesses should get smarter about their IT security spend, focusing on the basics that will help protect them, minimising economic disruption. Customer businesses can manage both financial and technological risk by going back to basics.
This means a shift to investing in what really matters. It could be a chance to reduce vendor lock-in, scope creep, or the use of inappropriate solutions.
Yes, spending is down significantly from what was forecast in late 2019. Yet Gartner still predicts that spending on security worldwide will grow by around 2.4% this year.
“If ever there was a time to take cybersecurity ROI seriously, it’s now,” affirms Gall.
Customers should be moving ahead by taking steps to measure that ROI. This includes monitoring across workstations, servers and the like — being able to gather data and intelligence on how IT is maintaining business as usual and helping businesses to grow. This can be approached by adopting simple productivity metrics, or by firming up ways to understand the data powering sales and marketing efforts.
Of course, there are a number of ways you could approach this, from adopting simple productivity metrics to recognising the way in which data is helping to power marketing or sales efforts. In any case, what’s important is establishing value. By extension this can help IT leaders to also determine the impact of, say, a data breach or downtime.
Sales conversations, he suggests, might do well to emphasise risk, not value, especially when it comes to cybersecurity investments. This suggests a clear focus on the business impact of cyberthreat – from reputation damage to losses of customer data and compliance failures, to data protection fines and theft leading to major financial losses.
“Of course, any form of dialogue will likely require compromise. That’s fine. Armed with intelligence and insight, it’s possible to protect critical parts of the IT spend, and potentially even drop elements that aren’t necessary. That’s useful at any time, pandemic or no pandemic,” says Gall.
It’s all about helping customers spend more wisely for current conditions.
