According to a recent PricewaterhouseCoopers study, while SMBs spend nearly 15% of their IT budgets on security, large companies spend only 11%. Both numbers represent an increase from a few years ago. Given that, how should CISOs best strategically take advantage of increases in cybersecurity spending?
Come budget year, all managers, including the CISO, grapple with how to spend the remaining budget in fear that executive management will reduce the subsequent year's allocation. You either use it or you lose it.
There is a general increase in cybersecurity spending in various types of organizations. There are many ways to spend an increased budget, including hiring more staff or acquiring tools that would be the envy of many (though smaller businesses should be careful to avoid shelfware).
But the better question is what do you need? First, you need to determine the total cost of ownership (TCO) for establishing the right complement of resources -- people and technology. The TCO needs to include:
- Total cost of technology (TCT): The cost of technology that is required to deploy, monitor and report on the state of information security for the enterprise.
- Total cost of risk (TCR): The cost to estimate and not deploy resources, processes or technology for your enterprise, such as compliance risk, security risk, legal risk and reputation risk.
- Total cost of maintenance (TCM): The cost of maintaining the information security program, such as people, skills, flexibility, scalability and comprehensiveness of the systems deployed.
The formula for TCO includes a junction of TCT, TCR and TCM. We all want to have the resources necessary to meet and stay ahead of risks. But how much of that budget is truly necessary?
It's difficult to calculate a realistic TCO because what is best for one organization may not be the best practice for another organization, but this is the best approach to effectively take advantage of an increased security budget.
Mike O. Villegas asks:
How would you approach an increased cybersecurity budget?