May 22, 2019 By Jennifer Glenn 3 min read

Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the board room. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.

However, as any security professional — or any business professional — will tell you, getting from budget approval to spending is just the first step. With technology investment, particularly for high-visibility projects such as security, comes the expectation of improvement over your current situation. So has all this security investment actually solved the problem, or has it created new ones?

Too Many Security Solutions, Too Little Time

A recent study conducted by Forrester Consulting and commissioned by IBM explored security spending trends and how the resulting complexity has impacted organizations’ ability to react to risks and threats. For the report, Forrester Consulting surveyed 200 security professionals, and the resulting data lays bare a growing problem for today’s enterprises: The rapid addition of security solutions and services over the last few years has increased the complexity of these environments so much that it is extremely difficult to quickly and effectively identify and act on threats. In addition, so many disconnected point solutions have made it challenging to adequately demonstrate return on investment (ROI) for the products they have, thereby threatening future investment.

Register for the Webinar: “How Simplifying Your Cybersecurity Program Can Lead to Better Outcomes”

It’s probably not a huge surprise to most security professionals that a complex environment leads to delays in identifying and responding to security risks. What is surprising, however, is how organizations are benefiting by starting the process of simplifying their security environments. Certainly, speeding up the time it takes to identify risks and respond to security threats is an advantage. However, by simplifying their security ecosystem, organizations are using security to advance their business goals.

What Do Security Simplification Champions Have in Common?

Forty-four percent of Forrester’s respondents have already taken steps toward simplifying their security environments and have made good progress. Known as “champions,” these organizations can serve as a model for what other organizations can expect from these efforts. Let’s take a closer look at three key characteristics most security simplification champions have in common.

1. Improved Strategic Focus

According to the World Economic Forum (WEF)’s annual “Global Risks Report,” the world’s leaders rate cyber-related risks in the top right quadrant of global risks, both in terms of likelihood and impact. As the business focuses on cybersecurity, it will become more important for teams to shift their own perception of security from a cost center to a revenue generator. This requires the security team to think smarter about its spending and get the most out of every technology and service.

Simplification champions are fully aware of this: Two-thirds have been able to reduce their repetitive spending by adjusting processes, rethinking how existing tools are used and squeezing as much value as possible out of existing applications, according to Forrester. This helps them demonstrate value to the business while also giving the security team the flexibility to pivot on future security spending if needed.

2. Better Visibility and More Comprehensive Risk Identification

A security analyst typically investigates 20–25 incidents every day. Data silos make the investigation and coordination of attack response time-consuming and increase the likelihood that attack indicators will go undetected or ignored. That’s why 63 percent of simplification champions have consolidated multiple security solutions onto a single platform or with one vendor.

By reducing data silos and consolidating core capabilities under a single platform, organizations can get a more comprehensive view of their security data and the reach of each compromise. This reduces delays in sharing information and offers better control over each of the capabilities that are being managed.

3. Increased Cyber Resilience

A strong majority of champions — 75 percent — are satisfied with their ability to respond to threats, compared to only 42 percent of those that haven’t taken steps toward simplifying their network. A whopping 83 percent were satisfied with their ability to recover from a breach. Resilience is critical; studies have shown that improving cyber resilience can help organizations save millions of dollars in the event of a data breach.

Grow Your Business Over the Long Term

It’s important to note that simplification champions said they still had more work to do to simplify their security environments and that it’s likely to be an ongoing battle as the security landscape shifts. But by prioritizing simplification now, these security teams put themselves in a better position to adapt over time and continuously grow the business.

Download the “Complexity in Cybersecurity Report 2019”

More from CISO

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today