Cyber security is not to bring down the business, but to enable it. Following the Part I session on Cybersecurity Budget, we went deeper into Part II of the Cybersecurity Budget Session which was featured by Mr. Ajay Bhayani and our esteemed speaker Mr. Kalpesh Doshi. Mr. Kalpesh Doshi has been a cybersecurity consultant, an implementer as well a vendor in cybersecurity and is currently a group CISO in HDFC Life. With his ground-breaking experience of 25 years, he has also worked in companies like Pidilite, Accenture, Capgemini, and FIS.
He started his session with some key cybersecurity statistics and facts
- Over 300 billion passwords are being used by humans and machines all the over the world. (Cybersecurity Media)
- Between 2005-2020, there have been 11,762 major security breaches. (ID Theft Resource Centre)
- The information security market is estimated to reach $170.4 billion by 2022 (Gartner)
- 86% of the breaches were financially driven while 10% were motivated by espionage. (Verizon)
Before 25 years, there was nothing like cyber security or the need to have one. From saying that there is no data breach to saying that what if there is a data breach and what will be the future process, everything changed for organizations. Hence, there is a huge shift in crafting a cyber strategy.
Factors Determining Security Spend
Security is a part of our DNA, but why cyber security is complex? We have always sought security in everything. Similarly, cyber security comes in the same bracket w.r.t to computers, technology, and information. It has been seen that there is a lot of information. One needs to differentiate between information and valuable information. If there’s an overload, there will be fatigue.
Once an organization realizes, what is important, the idea of budgeting will become simpler. Additionally, there should be some factors to decide the security spending. For example,
- Compliance- Try identifying data privacy, securing customer data, sensitive data, and the type of data to be secured
- Ongoing risk assessment- COVID-19 was a shock. So, reassess your cybersecurity posture and investments. When you invest in a tool, it needs to give you a return on investment. If it doesn’t give that, you need to invest in four more tools to get a reasonable ROI. Every organization is different and budgeting is custom based. Prevention is necessary but the response is overlooked. Try to balance your investments between Prevention, Detection, and Response Controls. Therefore, there’s a need for tools and techniques for post-incident mechanisms.
- Ongoing security training
- New business initiatives
- Business priority shift
Tips for Effective Budget
For an effective budget, one needs to
- Quantify risk
- Reactive v/s Proactive approach to cyber security budgeting-
- Risk-based approach
- Calculate ROI
- Plan for contingency
- Add response as an integral part of the strategy
According to Mr. Kalpesh Doshi’s knowledge session, the general benchmark is that the cyber budget is 10% of the overall IT spend. He also mentioned some tips for 2023
- The cybersecurity market is expected to grow to $300 billion by 2024.
- Global spending on cybersecurity exceeded $1 trillion in 2021
- On average, small businesses spend less than $500 on cybersecurity.
- The cyber insurance market is expected to be worth $20 billion by 2025.
(For more context, visit the 1st part on How To Plan A Cybersecurity Budget” by clicking on this link)
If you are an Enterprise Leader and would like to join our CXO Junction City Chapter Groups, register yourself here: