Sean Leach, VP of Technology, Fastly suggests four ways security teams can get cybersecurity expenditure back under control in 2024. 

With wars across the world, rampant inflation, supply chain constraints and the threat of global recession, businesses have had to negotiate a plethora of geopolitical and economic headwinds this year. And if these challenges weren’t enough, cybersecurity concerns continue to rank high on companies’ agendas.

Recent research by Fastly revealed that cyber attacks over the last 12 months resulted in a 9% average revenue loss for businesses across a range of sectors. Looking ahead to 2024, cybersecurity’s role in protecting the bottom line will continue to grow. 

Three quarters of cybersecurity professionals plan to increase spend

Given the hugely damaging financial effects of security breaches – not to mention their cost in terms of network outages, data loss and compromised customer accounts –  it’s not surprising that three-quarters of the cybersecurity professionals Fastly surveyed plan to increase security spending in the next year. They plan to do so to tackle a range of challenges from the sophistication of the threat landscape (36%), to a lack of relevant technical skills within teams (35%), to the risks posed by Generative AI (35%). Underlying all these concerns is the need to ensure companies’ security infrastructure is fit for purpose. 

Yet despite this increase, uncertainty is a key theme within cybersecurity teams with a third (35%) of cybersecurity leaders feeling they overspent on security tools in the last 12 months compared to 18% who feel they did not spend enough. Highlighting this conflicted spending strategy, survey participants reported that only 55% of security tools are being fully deployed, which means significant waste when it comes to tackling cyber crime. 

So how can companies reign in spiralling cybersecurity expenditure while future proofing their cybersecurity infrastructure against a constantly shifting threat landscape? Here are 4 strategies to consider:  

1. Simplify the cybersecurity footprint

Many businesses try to hit the moving target of cyber threats by following a trends-based approach, which means they invest in tools on an as-needed basis or based on what they read in the media. The result is a stack made up of disconnected tools that can’t be easily integrated with each other or function to their full extent. In addition to the finding that only 55% of cybersecurity tools are fully deployed, our survey also revealed that 41% of tools needlessly overlap in the protection they provide, indicating areas of overspend that could be rectified with a simplified cybersecurity footprint. To achieve this, businesses must undertake a thorough risk assessment and be sure to identify priority risk areas.  Working with a lower number of vendors will also help teams to simplify their security footprint and reduce costs.

• Consult and collaborate

With threats ranging from ransomware attacks to DDoS to API/web application-related attacks, it can be difficult to see how to take precise, concrete steps to mitigate cyber threats. Partnering with professionals who understand the objectives of an effective cybersecurity strategy allows businesses to hit targets while avoiding unnecessary spending on specific, expensive security toolings that can’t be easily integrated into existing stacks. The complexity of the threat landscape makes these objectives challenging to meet, however collaboration is an inexpensive way to begin re-strategising. Where possible, it’s best to trust security teams to consult expert groups that can obtain the required information. 

• Opt for easily integrated security solutions

If consultations with partners reveal the need to invest in new cybersecurity tools, it’s important to consider how easily they can be integrated into the existing stack. Providers of toolsets often package solutions together that aren’t capable of technical integration – which we like to call ‘integration by invoice’ – leaving technical and visibility gaps that slow down a team’s ability to respond in real-time when under attack. 

All new solutions should have a single, easy to use interface that allows full visibility of the system at a glance and easily integrate not just with each other, but with the entire response toolchain. Ensuring tools can be integrated is as much about planning and mindset as the tools themselves. Security teams need to be aware of their industries’ priority risk areas to form a spending strategy that allows them to be proactive, not reactive. This approach ensures security tooling can be as lean and interoperable as possible.

• Explore a Managed Security Services approach 

Managed Security Services (MSS) are growing in popularity. Nearly 30% of businesses Fastly surveyed have begun to use MSS over the last year and a further 40% plan to do the same, as they look to reduce toil for their security teams, and with good reason. More than a third (36%) of cybersecurity professionals feel that new talent entering the industry lacks the necessary skills to protect their business, which is why 48% of businesses are having to increase their spending to capture the right talent. Turning to Managed Service Providers helps companies to bridge the skills gap while avoiding the risk of overcomplicating their internal cybersecurity posture. 

Final thoughts

Bearing these points in mind when building a cybersecurity strategy allows teams to keep unnecessary expenditure to a minimum without leaving weaknesses in their organisation’s cybersecurity posture. Cyber attacks are unlikely to slow or reduce in sophistication, so businesses with an effective, accessible, streamlined cybersecurity infrastructure are best positioned to keep their spending under control in 2024 while still protecting their businesses from attack.

More UK Security News