Proving ROI in cyber securityhttps://securityitsummit.co.uk/wp-content/uploads/2019/04/UK-Businesses.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g
Research shows that almost half of businesses have reported cyber security breaches or attacks in the last 12 months. Amongst these businesses that identified breaches or attacks, more have experienced these issues at least once a week so far this year.
Moreover, the unprecedented events of recent months have seen the number of attempted data breaches continue to rise, with cyber hackers using the increase in remote working and individuals’ fears over the coronavirus to their advantage. In fact, a survey showed that 50% of organisations were unable to guarantee that their data was adequately secured when being used by remote workers.
The issue is serious and many businesses are stepping up their cyber security strategies accordingly, with CIOs and their teams increasingly taking a seat at the executive board table. But one thing is still lacking: cyber security ROI. To truly engage with a strategy, board members need to see ROI from every department of an organisation, and cyber security is not exempt from that. However, demonstrating business value in areas such as compliance, risk management or data assurance, has always been challenging.
Consequently, data security has historically been looked upon as a necessary cost of doing business. However, this no longer needs to be the case. As CIOs, CISOs and network security teams mature into their C-Suite role, proving the value of data security is now both a realistic and achievable corporate objective. Frank Richmond, Vice President Sales Europe, Certes Networks, explains just how CISOs and CIOs can get the Board on board…
Cyber security as a strategic investment
Today’s current network and data security approaches focus primarily on keeping the cyber hackers out with threat detection and vulnerability management at the core. But modern CIOs and CISOs want – and need – more than this when reporting to the Board; they want “provable security”.
Securing data should be a strategic investment in an organisation’s risk strategy and should quantifiably contribute to the overall value of the business. CISOs expect their network security teams to be equipped with tools that will enable them to make real-time changes to applications based on observable network flow. They want to see that securitypolicies are being enforced properly and, most importantly, prove that their security strategy is actually effective.
To put this into practice, cyber security should be quantifiable, measurable and outcomes-driven. It shouldn’t just be a case of successfully keeping a cyber attacker out of the network after a single breach; a successful cyber securitystrategy is effective only when it is continuously putting data security first and measuring impact against key performance indicators (KPIs) that will instantly show Board members how imperative the strategy – and the technology behind it – really is.
In order to truly demonstrate the effectiveness of the organisation’s security strategy, CIOs and CISOs need to be able to visualise and understand their data, the associated applications, workloads and behaviour, with real-time contextual insight. This, in turn, will enable this understanding to be passed on to other executive Board members.
The real value of cyber security
Armed with this insight, organisations can then take actionable steps not only to measure the effectiveness of their security strategy, but to gain deep understanding into how to enhance their security posture and to manage and enforce policies. With a data-driven approach to cyber security, the guesswork can be removed and CISOs and CIOs will be able to clearly demonstrate to the Board that ROI has been achieved.
With buy-in from the Board, data security is now more than a ‘necessary cost’, and is instead a fundamental of business operations. The businesses that succeed in enforcing this way of thinking will then truly be able to continuously evolve their cyber security practices to keep their data safe.