Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the board room. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.

However, as any security professional — or any business professional — will tell you, getting from budget approval to spending is just the first step. With technology investment, particularly for high-visibility projects such as security, comes the expectation of improvement over your current situation. So has all this security investment actually solved the problem, or has it created new ones?

Too Many Security Solutions, Too Little Time

A recent study conducted by Forrester Consulting and commissioned by IBM explored security spending trends and how the resulting complexity has impacted organizations’ ability to react to risks and threats. For the report, Forrester Consulting surveyed 200 security professionals, and the resulting data lays bare a growing problem for today’s enterprises: The rapid addition of security solutions and services over the last few years has increased the complexity of these environments so much that it is extremely difficult to quickly and effectively identify and act on threats. In addition, so many disconnected point solutions have made it challenging for organizations to adequately demonstrate return on investment (ROI) for the products they already have, thereby threatening future investment.

It’s probably not a huge surprise to most security professionals that a complex environment leads to delays in identifying and responding to security risks. What is surprising, however, is how organizations are benefiting by starting the process of simplifying their security environments. Certainly, speeding up the time it takes to identify risks and respond to security threats is an advantage. Beyond that, by simplifying their security ecosystem, organizations are using security to advance their business goals.

What Do Security Simplification Champions Have in Common?

Forty-four percent of Forrester’s respondents have already taken steps toward simplifying their security environments and have made good progress. Known as “champions,” these organizations can serve as a model for what other organizations can expect from these efforts. Let’s take a closer look at three key characteristics most security simplification champions have in common.

1. Improved Strategic Focus

According to the World Economic Forum (WEF)’s annual “Global Risks Report,” the world’s leaders rate cyber-related risks in the top right quadrant of global risks, both in terms of likelihood and impact. As the business focuses on cybersecurity, it will become more important for teams to shift their own perception of security from a cost center to a revenue generator. This requires the security team to think smarter about its spending and get the most out of every technology and service.

Simplification champions are fully aware of this: Two-thirds have been able to reduce their repetitive spending by adjusting processes, rethinking how existing tools are used and squeezing as much value as possible out of existing applications, according to Forrester. This helps them demonstrate value to the business while also giving the security team the flexibility to pivot on future security spending if needed.

2. Better Visibility and More Comprehensive Risk Identification

A security analyst typically investigates 20–25 incidents every day. Data silos make the investigation and coordination of attack response time-consuming and increase the likelihood that attack indicators will go undetected or ignored. That’s why 63 percent of simplification champions have consolidated multiple security solutions onto a single platform or with one vendor.

By reducing data silos and consolidating core capabilities under a single platform, organizations can get a more comprehensive view of their security data and the reach of each compromise. This reduces delays in sharing information and offers better control over each of the capabilities that are being managed.

3. Increased Cyber Resilience

A strong majority of champions — 75 percent — are satisfied with their ability to respond to threats, compared to only 42 percent of those that haven’t taken steps toward simplifying their network. A whopping 83 percent were satisfied with their ability to recover from a breach. Resilience is critical; studies have shown that improving cyber resilience can help organizations save millions of dollars in the event of a data breach.

Grow Your Business Over the Long Term

It’s important to note that simplification champions said they still had more work to do to simplify their security environments and that it’s likely to be an ongoing battle as the security landscape shifts. But by prioritizing simplification now, these security teams put themselves in a better position to adapt over time and continuously grow the business.

Download the “Complexity in Cybersecurity Report 2019”
