When Too Much Cyber Security Spending Still Isn’t Enough: And what to do about it in 2022

Global cyber security spending was expected to reach $54 billion by the end of 2021, up from $40.8 billion in 2019. [1]

Organisations across a wide range of industries are continuing to invest heavily in cyber security in the face of an ever-evolving threat landscape and an increase in the number of attacks during the COVID-19 pandemic.

Despite increases in cyber crime and huge surges in cyber security spending, in a recent survey, only 16% of executives said their organisations were well prepared to deal with the potential risks associated with a cyber attack. [2]

One of the reasons for this perceived lack of preparedness is that there is no causal link between cyber security spending and lowered cyber crime risk. In fact, a global survey, conducted by the Ponemon Institute and IBM Security, found that the increased complexity brought about by continued investment in cyber security tools can actually decrease an organisation’s ability to respond to cyber security threats effectively. [3]

While no amount of preparation can render an organisation totally free from risk, with risk appetites inevitably varying between organisations and industries, the reality is that strategic planning and targeted investment often produce greater returns than blanket spending increases.

Suggested reading: To learn more about new and evolving cyber security threats, check out our blog — The Threat Landscape Never Sits Still: Four new risks organisations face in 2021

Spending alone won’t do the job

Despite the dangers and evolving threat posed by cyber crime, most organisations do not have a cyber security incident response plan in place. 

Instead, many focus on attempting to spend their way out of trouble, often overspending on non-critical areas. Let’s take a look at some examples.

In-house teams

Building in-house cyber security teams is an expensive and time-consuming process. Once the need for cyber security expertise has been established, solving the problems at hand has to wait while recruitment and onboarding are carried out.

Even worse, around 57% of large organisations are struggling to find enough qualified cyber security experts to fill the required job roles, further delaying the process and increasing the risk. [4]

By comparison, outsourcing the problem to a qualified service provider that offers a combination of expert cyber security consultancy and managed detection and response services provides cyber security coverage on day one, and can represent a better return on investment (ROI) than in-house recruitment. 

Inefficient processes 

A cyber security strategy doesn’t have to be complex in order to be effective. Investing in technology like multi-factor authentication (MFA) systems can provide cost savings and help reduce complexity.

Actively streamlining cyber security processes, rather than simply relying on outdated and inefficient ones, improves both cost-effectiveness and overall efficiency, thereby reducing risk.

The skills gap

As we have touched on above, there is a growing skills gap in the cyber security profession. Rather than investing in increasingly complex cyber security infrastructure and technologies, organisations can instead benefit from using their resources to invest in training that can help improve in-house skills.

Training staff on the job can be a far more cost-effective approach than hiring new employees, and has the added benefit of improving employee satisfaction by providing new skillsets, new opportunities and added responsibility.

Unnecessary complexity

As discussed with regard to the Ponemon Institute and IBM Security survey, organisations that invest heavily in complex layers of cyber security technologies can see their ability to respond to attacks decrease.

The survey tells us that organisations that use more than fifty security tools rated themselves 8% lower in their ability to detect, and 7% lower in their ability to respond to, an attack than those that used fewer than fifty security tools.

The data shows that investing heavily in security tools does not always have a positive impact on risk or threat preparedness, and can actually have the opposite effect. This raises the question: if wide-scale spending isn’t the answer, what is?

Specialists are the solution

As with most areas of business, implementing a targeted and organisation-specific approach to a problem yields better results than simply throwing money around and hoping for the best. 

Outsourcing to a managed IT service provider offers several benefits, including:

  • Consulting services: The first step in an efficient cyber security solution is knowing where to concentrate effort. Having expert consultants on hand to direct that effort can be invaluable.
  • Managed solutions: Opting to outsource your approach to cyber security means having services in place on day one without the delays and expense of recruitment, onboarding and training, and is often more cost-effective in the long term.
  • Procurement advice: With too many tools and complex infrastructure impeding threat response times, having expert advice during the procurement cycle ensures that only the required tools and infrastructure are purchased and systems maintain efficiency. 
  • Development and implementation of training plans: Having industry experts produce training plans allows organisations to build out their in-house cyber security capabilities and overcome the current cyber security skills crisis.

Managed IT service providers shoulder the burden of the growing need for effective cyber security, bringing expert staff, effective tools and infrastructure to bear on the problems so that organisations can instead concentrate on their day-to-day business activities. 

Targeted investment is the key

When it comes to getting an effective ROI on cyber security spending, a scattergun approach is ineffective and potentially even counter-productive. 

Instead of blindly spending money across the board, an excellent first step is to invest in a cyber assessment carried out by cyber security specialists, as this allows organisations to identify key areas where investment is needed the most. 

From there, focus can be placed on key areas, which are often industry-specific, to minimise cyber security risks.

Having expert advice on hand allows organisations to invest in effective training to build in-house skillsets, spend on proactive solutions to problems rather than losing money by constantly being reactive, create secure cloud systems for remote working or even outsource to a fully-managed endpoint protection service.

Specialist assistance is vital both to identifying areas that need to be prioritised for targeted investment and to building and implementing the cyber security strategies that so many organisations lack.

Once the spending is done and the strategies are in place, having specialists on hand to fine-tune the results offers organisations better ROI and reduced levels of risk. 

Service providers allow organisations in both the public and private sectors to turn cyber security into an opportunity, not a cost.

Get the right support

Six Degrees uses a depth of expertise and cutting-edge capabilities to offer organisations a comprehensive, secure and flexible platform for achieving their aspirations.

Our Managed Detection and Response service provides 24×7 real-time alert management, detection and rapid response, as well as extensive endpoint protection and bespoke deployment, configuration and management solutions to suit the specific needs of your organisation.

Six Degrees can help protect your organisation from the ever-evolving cyber security risk landscape in an efficient and cost-effective manner, allowing you to focus on what you do best — your business. Schedule an assessment with our team and start your journey today.

Additional reading: For more on our attitude to cyber security at Six Degrees, take a look at our blog — The Six Degrees Approach to Cyber Security
