May 22, 2019 By Jennifer Glenn 3 min read

Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the board room. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.

However, as any security professional — or any business professional — will tell you, getting from budget approval to spending is just the first step. With technology investment, particularly for high-visibility projects such as security, comes the expectation of improvement over your current situation. So has all this security investment actually solved the problem, or has it created new ones?

Too Many Security Solutions, Too Little Time

A recent study conducted by Forrester Consulting and commissioned by IBM explored security spending trends and how the resulting complexity has impacted organizations’ ability to react to risks and threats. For the report, Forrester Consulting surveyed 200 security professionals, and the resulting data lays bare a growing problem for today’s enterprises: The rapid addition of security solutions and services over the last few years has increased the complexity of these environments so much that it is extremely difficult to quickly and effectively identify and act on threats. In addition, the many disconnected point solutions have made it challenging for organizations to adequately demonstrate return on investment (ROI) for the products they have, thereby threatening future investment.

It’s probably not a huge surprise to most security professionals that a complex environment leads to delays in identifying and responding to security risks. What is surprising, however, is how organizations are benefiting by starting the process of simplifying their security environments. Certainly, speeding up the time it takes to identify risks and respond to security threats is an advantage. However, by simplifying their security ecosystem, organizations are using security to advance their business goals.

What Do Security Simplification Champions Have in Common?

Forty-four percent of Forrester’s respondents have already taken steps toward simplifying their security environments and have made good progress. Known as “champions,” these organizations can serve as a model for what other organizations can expect from these efforts. Let’s take a closer look at three key characteristics most security simplification champions have in common.

1. Improved Strategic Focus

According to the World Economic Forum’s (WEF) annual “Global Risks Report,” the world’s leaders rate cyber-related risks in the top right quadrant of global risks, both in terms of likelihood and impact. As the business focuses on cybersecurity, it will become more important for teams to shift their own perception of security from a cost center to a revenue generator. This requires the security team to think smarter about its spending and get the most out of every technology and service.

Simplification champions are fully aware of this: Two-thirds have been able to reduce their repetitive spending by adjusting processes, rethinking how existing tools are used and squeezing as much value as possible out of existing applications, according to Forrester. This helps them demonstrate value to the business while also giving the security team the flexibility to pivot on future security spending if needed.

2. Better Visibility and More Comprehensive Risk Identification

A security analyst typically investigates 20–25 incidents every day. Data silos make the investigation and coordination of attack response time-consuming and increase the likelihood that attack indicators will go undetected or ignored. That’s why 63 percent of simplification champions have consolidated multiple security solutions onto a single platform or with one vendor.

By reducing data silos and consolidating core capabilities under a single platform, organizations can get a more comprehensive view of their security data and the reach of each compromise. This reduces delays in sharing information and offers better control over each of the capabilities that are being managed.

3. Increased Cyber Resilience

A strong majority of champions — 75 percent — are satisfied with their ability to respond to threats, compared to only 42 percent of those that haven’t taken steps toward simplifying their network. A whopping 83 percent were satisfied with their ability to recover from a breach. Resilience is critical; studies have shown that improving cyber resilience can help organizations save millions of dollars in the event of a data breach.

Grow Your Business Over the Long Term

It’s important to note that simplification champions said they still had more work to do to simplify their security environments and that it’s likely to be an ongoing battle as the security landscape shifts. But by prioritizing simplification now, these security teams put themselves in a better position to adapt over time and continuously grow the business.

Download the “Complexity in Cybersecurity Report 2019”
