“In the midst of every crisis, lies great opportunity”
Albert Einstein
In times of recession, the approach often taken is to cut corners. Budget cuts can come in the form of delayed expansion, modernisation plans or upgrades, reduced marketing budgets, and in some cases layoffs.
Gartner says the IT budget covers hardware, software, personnel, outsourcing, disaster recovery and occupancy costs associated with supporting IT within the enterprise. Costs also include all taxes (except value-added tax where it is recovered or refunded to the organization). Statista estimates that in 2022, companies allocated about 12.7% of the IT budget to IT security.
While technology spending is not immune from budget cuts, arguments arise when cybersecurity discussions come into play. Given that cybersecurity is a top priority among organisations in Asia-Pacific, and that economies are headed towards a downward trend, how do leaders decide what to keep, and what to leave out for now, when it comes to the protection of the organisation’s digital assets?
Adrian Hia, Zscaler’s senior regional vice president, ASEAN & Greater China, says CIOs generally have two pots of funds: one to fund operations, the other for innovation investments. He acknowledged that a larger proportion of the IT budget goes to support operations.
“The way forward is to optimise operations so that companies can reduce running costs by improving efficiency without compromising security. This way, you can keep your innovation budget and help the business digitally transform,” he opined.
He conceded that enterprises are looking into how to simultaneously consolidate their platform, increase operations efficiency, optimise costs, and strengthen security.
Prioritising elements of cybersecurity
In a 2021 EY survey of the top five strategic priorities over the next 12 months, technology and data sit at the top of the poll. And yet a separate EY Global Board Risk Study noted that only nine per cent of boards are extremely confident that the cybersecurity risks and mitigation measures presented to them can protect the organisation from major cyber-attacks – down from 20% last year.
Hia concedes that when it comes to budgets, the CIO and CISO can, at times, sit on different sides. He pointed out that while the CISO has oversight of an organisation’s security strategy and framework, the CISO also has a role in making sure that the infrastructure meets security benchmarks and needs. This role overlaps with a CIO’s scope of work, sometimes resulting in conflict.
Recognising the challenges that come with protecting both the tangible and intangible assets of an organisation, and mapping this to a budget that is not always in proportion to the threats around it, Hia says consolidation is called for.
Acknowledging the difficulty of maintaining a good security posture, he suggested consolidating running costs, as well as streamlining and optimising manpower costs.
“In the cybersecurity world, talent is hard to come by. The costs of having a big team to manage security operations are high,” he commented.
He suggested that organisations considering delaying certain initiatives look at consolidation as an option.
“Many of our customers are considering consolidating into a single platform instead of depending on multiple vendors, solutions, suppliers, and products. Trends and research indicate that by 2025, zero trust architecture is going to be the base of how organisations design their network and security to have seamless security and secure network postures.”
Adrian Hia
With (cyber) attacks against enterprises not letting up despite the economic volatility, he posits that the inefficiencies of enterprises are costing them time, resources and budgets. He believes that amid these lies an opportunity for the CIO and CISO to simultaneously optimise and upgrade their security posture.
Click on the PodChat player and hear Hia describe how organisations can futureproof their cybersecurity strategies.
- With the threat of a local or global recession looming, is now the time for the CIO and CTO to agree in terms of what investments need to be prioritised for 2023?
- How should the CIO and CISO decide – together and separately – which areas make sense to upgrade, keep and defer for when the recession is no longer a concern?
- At the end of the day, push comes to shove, what areas of cybersecurity should be prioritised and what can be left behind for another day?
- Topic: How to recession-proof cybersecurity strategies. What is your advice for decision-makers when addressing cybersecurity regardless of the state of the economy or business?
- Where does Zscaler fit in our discussion around recession-proofing cybersecurity strategies?