It’s an age old question for any company: How much should it spend on security? The answer: less than it spends today. The more companies spend on security, the more they shift revenue from other resources. And if the business isn’t more secure, it’s hurting another part of the business.
Security teams really need to ask: “If I invest in this product, will I reduce risk by so much that it positively impacts the company’s bottom line?” In the vast majority of real-world cases, massively inflated security budgets represent a huge waste of resources, and also contribute to an overarching artificial hubris that has led the security community to misconceive the very meaning of the word secure. Said another way: companies that increase security spend by checking boxes are creating purely cosmetic change, and it’s only increasing the company’s attack surface.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.