Security and risk teams must position themselves to minimize the organization’s exposure to an altered cyberthreat environment while taking proactive steps to aid the organization’s economic recovery following recent impacts to global markets and economies.
First and foremost, it is critical to acknowledge that the organization’s strategic objectives, operating model and cyberthreat landscape will likely have changed. This sounds like common sense; however, Gartner research shows that 82% of security and risk management leaders do not adapt their budgets to reflect business and environmental impacts. With this acknowledgment, security and risk leaders must then recognize that their current, in-flight security enhancement roadmaps may no longer be appropriate for the organization’s short- to midterm plans.
As a result of recent impacts on the global economy, information security spending growth forecasts are expected to drop by over half, from 9.1% to 4.1% in 2020. However, the cyberthreat environment has not abated and has instead been amplified by COVID-19, with attackers seeking to exploit the natural concerns people have about their health, the health of their loved ones and their own financial livelihoods.
Engaging early with senior business executives will be key to understanding what, if any, changes there will be to the organization’s strategic trajectory over the next 12 months and how it plans to achieve its objectives. Taking the outcome of those discussions and the review of the cyberthreat environment into consideration, security teams should proactively review, and recast as necessary, their existing security enhancement roadmaps. This will help to ensure that the security initiatives in the portfolio over the next 12 months are the right ones to optimally address the current and foreseeable cyberthreat environment within the limits of new security investment budgets.