Red Hat's recently released 2023 Tech Outlook report highlights that businesses now prioritize cybersecurity, in place of innovation, as their top area of investment.
The report revealed that 44% of the IT leaders surveyed said cybersecurity investment is a top three funding priority, with network security and cloud security rounding out the three. Already, about three-quarters have said that they “somewhat increased” or “significantly increased” their investments in the security of their applications and/or data sources.
Security is not optional
While security investment decisions are probably not that different from other IT investment priorities, security investment is a different matter in the sense that such investments, and security in general, are not optional: treating security as an option opens the business to serious risks that it could not recover from.
Even as businesses face economic uncertainty, business leaders also recognize that cyber risk translates directly into business risk, and that cybersecurity is one way to at least lessen the risks these threats pose.
As such, CISOs must prioritize security investments that support the business, such as cloud initiatives that can lead to new customers and revenue streams. They must also prioritize investments in people who will provide innovative and creative solutions, and in automation and data-driven analytics that can handle the massive volume of telemetry being collected so that attacks are detected and responded to quickly.
Understanding the risks, planning the costs
It goes without saying that budget is a constant challenge that businesses need to face in all aspects of their operation. This is even more so when it comes to security, where there are lots of uncertainties and “what ifs” to consider that are not directly correlated to ROI.
Given these factors, it is important to understand the risks and the “what ifs” at stake for the business to effectively prioritize its security investments. As one CEO shared with InformationWeek, “Security is a game of risks.”
Addressing the lack of security talent
Talent remains a major source of frustration among IT leaders as they struggle to find qualified IT security people who understand and have kept up with the evolving and complex nature of security, especially with regard to the network. Outsourcing key security tasks is not an option given the complexity and sensitive information involved in these tasks.
It also does not help that, although businesses invest in talent recruitment and already know the importance of security, recruitment for security and compliance positions remains a low priority for many of them.
CISOs must prioritize security investments
Given the challenges that many businesses are facing, the CISO plays a critical role in ensuring that the business is not only “walking the talk” on its security investments but also investing in the proper tools, policies, vendors, and people that help achieve the business’ objectives. It goes both ways as well: CISOs should be mindful of the business’ objectives and should therefore suggest and implement models that align with the business and those objectives.
In addition, CISOs must be aware of new threats and adapt accordingly rather than just setting priorities the same way they always have. More importantly, they should never forget to prioritize what is critical in keeping the lights on.