Beyond the Breach - Risk vs Investment

A CISO Perspective

First, understand your organisation’s evolving risk appetite. If your exposure has shifted, whether due to external market forces or internal changes, it is likely that risk appetite has shifted too. New or updated regulation and legislation is being introduced at a rate of knots, and this can impact risk appetite.

It is fair to predict that 2023 will be a financially challenging year for many organisations. As is often the way in times of economic difficulty, budgets will be reviewed across the board, and could face cuts. Set against this backdrop, the cost of a cyber attack is rocketing: IBM Security’s The Cost of a Data Breach report found the global average cost of a data breach reached $4.35m in 2022. At the same time, threats are becoming more complex and frequent in nature. Clearly, cyber security is a non-negotiable for any organisation. What is up for discussion, however, is how organisations invest in their security posture, to ensure the investment meets their needs and provides a ‘strong enough’ level of protection against risk. And if budgets are being reviewed by the board, CISOs have an important role to play in guiding these discussions.

Lawrence Munro shares his take on how CISOs can balance fluctuating budgets as the threats advance in volume, complexity and impact.

Evolving risk appetite.

With this in mind...

Lawrence Munro, CISO at NCC Group

How can CISOs ensure that cyber security remains a spending priority?

Do your current controls meet all mandatory requirements?

Are you possibly overspending to meet certain frameworks or guidance?

Could your spend be better used for other controls?

How do you ensure no gaps in your protection at a time when budgets remain static, if not reduced?

$4.35m average cost of breach in 2022

And where should you focus your spend?
