Organizations are ill-prepared to confront the impact of crises on their services and goals. As economic and work environment uncertainty increases, security and risk management leaders must create a cost optimization plan to aid their organizations in navigating past this challenging turn.

Key Challenges

The current economic and health crisis will have a negative impact on security budgets across many industries. This is especially concerning given the increased dependence upon digital systems that organizations have undertaken in response to COVID-19.

  • Organizations tend to focus and prioritize most of their resources toward responding to a crisis. This impedes their growth during the recovery phase where focus must be on operational stability.
  • Cost optimization efforts are not balanced and primarily focus on “cost reduction” rather than optimization, which may include exploring alternative delivery platforms, outsourcing, increased spend, employee retention and other mechanisms.
  • Security and risk management leaders and their programs are ill-equipped to deal with budgetary challenges, in part due to a static and informal planning and budgeting process.
  • Organizations could suffer business consequences if they wait out the impact of a crisis such as COVID-19: Time is of the essence.

Gartner recommends CISOs and security leaders should do the following: 

  • Identify the crisis phase (triage, doldrums, recovery) that the organization is working around and equip your team with relevant data (such as benchmarking) to support these efforts before jumping into the exercise.
  • Build adaptable “budget scenarios” that reflect the reality of your security and risk management function should you find yourself in a situation that requires immediate and decisive action (for example, large budget cuts).
  • Align security and risk services with the value of a business unit to optimize cost and risk. This helps identify critical points to shield and noncritical items to eliminate/reduce.
  • Balance efforts to ensure that you are not solely focused on “reduction in spend,” but rather on a budget portfolio that drives efficiency, productivity and optimization.
  • Align your efforts with roles, competencies and skills that currently exist in the organization to ensure efficiency.