ISJ Exclusive: Risk by Risk, Business to Business – Part 4

In the fourth installment of this exclusive International Security Journal series, Mo Ahddoud, CEO, Chameleon Cyber Consultants discusses how large investment in security doesn’t always mean more secure and what organisations should focus on in ensuring every pound spent is helping reduce business-related risk.

Regardless of the size of the budget, business operations must be prioritised and therefore it should guide an organisations decision about which risks to prioritise.

An optimised budget is one that has the greatest impact on risk for the least money spent. To do this organisations should:

• Have a security strategy that is aligned to business operations and strategic goals
• Determine which risks to prioritise
• Align with the business regarding risk tolerance
• Make objective decisions about which people, processes and technology they need

Cost-optimise your technology and managed services

The rise in cybersecurity services and products continues to increase year on year with the number of active firms in the UK rising from 1,483 to 1,838. With so many products and services on the market this can cause confusion for organisations on which security tools are right for them. Tools and services are only worth it if the money spent on them matches the level of risk reduction received from them.

When it comes to assessing the value of technology and managed service investments, a quantified gap analysis is the only thing that can really show if they are worth the price being paid for them. Organisations that do this see several benefits:

IT benefits

• Insight into the efficacy of security tools and services: are they worth the cost?
• Increased alignment with the business regarding the organisation’s business-essential security controls.
• Opportunity to redesign a program that provides the greatest risk reduction for the least amount of money.

Business benefits

• Opportunity to reduce security friction
• Greater alignment with security about what necessary spending is
• Increased insight into and understanding of cyber-related risk

In essence without this approach making decisions regarding the true risk reduction value of current security tools and services and whether outsourcing is appropriate for your organisation is impossible. This could lead to tools not being managed or optimised correctly and therefore not meeting the needs of your organisation. Not only is this a lack of return on investment it could also put your business at greater risk of a breach.

By Mo Ahddoud, CEO, Chameleon Cyber Consultants

At Chameleon Cyber Consultants we pride ourselves on facilitating business success through secure environments. Our mission is to use the very latest security thinking, practices and technology tailored to your specific business needs and objectives. If you would like support understanding your current cyber investments contact us today www.chameleoncyberconsultants.com