Why CFOs & CISOs Must Collaborate to Strengthen and Protect Organizations in a Recession
Cyber threats are intensifying even as budgets are being scrutinized. Now, more than ever, security and finance professionals need to align on cybersecurity strategies.
July 17, 2023
By Sean Duca, Vice President and Regional Chief Security Officer for Asia Pacific and Japan, Palo Alto Networks
Some economists predict that we could soon face a global recession. Looking at history, this does not bode well for preventing cybercrime. Some evidence shows that in economic downturns, cybercrime may increase as people turn to illegal activities to make money. During the 2008–2009 global financial crisis and subsequent recession, researchers noted that cybercrime rates increased dramatically. Their report focused exclusively on financial cybercrime including identity theft. It attributed this rise to the proliferation of new technologies around the world, which dramatically increased the number of people with IT skills.
Adapting to an Evolving Cybercrime Landscape
Cybercrime is constantly evolving. To keep ahead of cybercriminals, organizations must remain agile, pivoting to embrace new strategies and technologies whenever necessary to outrun attacks. When businesses are struggling due to economic pressures, there's a strong temptation to look for ways to cut spending.
A recession leads many chief financial officers (CFOs) to trawl through every line in the budget looking for potential savings. Any non-essential expenditure that can be cut or postponed will be. This can be a challenge to cybersecurity budgets in organizations where security is viewed primarily as a cost center.
However, for another, smaller group of CFOs, cybersecurity is viewed as an area to discover potential savings. After all, most cybersecurity expenditures are aimed at preventing potential problems. Although it's hard to calculate cybersecurity's return on investment, these leaders understand that cutting cybersecurity expenditures could, in fact, increase costs because cybercrime rates are likely to rise during tight economic times.
Taking a Long-Term Approach to Cybersecurity Expenditures
Cybersecurity investments have cumulative benefits that allow organizations to build resilience to cyberthreats incrementally over time. When an organization starts cutting back on its cybersecurity program, it can take many years to build back up to the level of cyber maturity it had before the belt-tightening.
Any minor savings achieved by cutting cybersecurity budgets in the near term could make an organization easy prey for cybercriminals. Moreover, if an organization is breached, the cybercrime losses could dwarf any budgetary savings. As a result, it's essential for finance leaders to work closely with the chief information security officer (CISO) and security team to understand the tools they most rely on to keep up with the relentless pace of cyberthreats catalyzed by competent, well-funded, and motivated adversaries.
Gaining Efficiencies From Security Choices
Complexity can make managing and securing an organization's systems and data challenging. It can be difficult to keep track of all the components and ensure they are correctly configured and secured. This complexity can make identifying and responding to potential threats harder.
Second, complexity can make it more difficult for an organization to communicate and coordinate its cybersecurity efforts effectively. For example, suppose an organization has multiple teams or departments responsible for different parts of its cybersecurity strategy. In that case, ensuring that everyone is working together and following the same processes and procedures can be challenging.
Overall, it is vital for organizations to carefully manage the complexity of their cybersecurity efforts to protect their systems and data effectively. Moreover, this may involve implementing processes and technologies to help reduce complexity, streamline cybersecurity management, and train employees to understand and follow best practices.
In these challenging macroeconomic times, consolidation is a key priority to address a dozen tools by leveraging a platform or a cybersecurity mesh, as Gartner defines it. Gartner believes that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%. That's a number no CFO would want to ignore.
Cyber resilience isn't always about increased expenditures. Cyber budgets must be spent wisely, often without increasing costs or targeting the most likely risks. That starts with your crown jewels, who has access to them, and how they are protected. Finance leaders must work with security leaders to align on platforms that positively impact the health of your security program.
For more cybersecurity thought leadership, please visit us online.
About the Author
Sean Duca is vice president and regional chief security officer for Asia Pacific and Japan at Palo Alto Networks. In this role, Sean spearheads the development of thought leadership, threat intelligence, and security best practices for the cybersecurity community and business executives. With more than 20 years of experience in the IT and security industry, he acts as a trusted advisor to organizations across the region and helping them improve their security postures and align security strategically with business initiatives. Prior to joining Palo Alto Networks, he spent 15 years in a variety of roles at Intel Security (McAfee), with his last position as the chief technology officer for Asia Pacific. Before this, Sean was involved in software development, technical support, and consulting services for a range of Internet security solutions.
Read more about:
Sponsor Resource CenterYou May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024