Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the board room. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.

However, as any security professional — or any business professional — will tell you, getting from budget approval to spending is just the first step. With technology investment, particularly for high-visibility projects such as security, comes the expectation of improvement over your current situation. So has all this security investment actually solved the problem, or has it created new ones?

Too Many Security Solutions, Too Little Time

A recent study conducted by Forrester Consulting and commissioned by IBM explored security spending trends and how the resulting complexity has impacted organizations’ ability to react to risks and threats. For the report, Forrester Consulting surveyed 200 security professionals, and the resulting data lays bare a growing problem for today’s enterprises: The rapid addition of security solutions and services over the last few years has increased the complexity of these environments so much that it is extremely difficult to quickly and effectively identify and act on threats. In addition, so many disconnected point solutions have made it challenging to adequately demonstrate return on investment (ROI) for the products they have, thereby threatening future investment.

Register for the Webinar: “How Simplifying Your Cybersecurity Program Can Lead to Better Outcomes”

It’s probably not a huge surprise to most security professionals that a complex environment leads to delays in identifying and responding to security risks. What is surprising, however, is how organizations are benefiting by starting the process of simplifying their security environments. Certainly, speeding up the time it takes to identify risks and respond to security threats is an advantage. However, by simplifying their security ecosystem, organizations are using security to advance their business goals.

What Do Security Simplification Champions Have in Common?

Forty-four percent of Forrester’s respondents have already taken steps toward simplifying their security environments and have made good progress. Known as “champions,” these organizations can serve as a model for what other organizations can expect from these efforts. Let’s take a closer look at three key characteristics most security simplification champions have in common.

1. Improved Strategic Focus

According to the World Economic Forum (WEF)’s annual “Global Risks Report,” the world’s leaders rate cyber-related risks in the top right quadrant of global risks, both in terms of likelihood and impact. As the business focuses on cybersecurity, it will become more important for teams to shift their own perception of security from a cost center to a revenue generator. This requires the security team to think smarter about its spending and get the most out of every technology and service.

Simplification champions are fully aware of this: Two-thirds have been able to reduce their repetitive spending by adjusting processes, rethinking how existing tools are used and squeezing as much value as possible out of existing applications, according to Forrester. This helps them demonstrate value to the business while also giving the security team the flexibility to pivot on future security spending if needed.

2. Better Visibility and More Comprehensive Risk Identification

A security analyst typically investigates 20–25 incidents every day. Data silos make the investigation and coordination of attack response time-consuming and increase the likelihood that attack indicators will go undetected or ignored. That’s why 63 percent of simplification champions have consolidated multiple security solutions onto a single platform or with one vendor.

By reducing data silos and consolidating core capabilities under a single platform, organizations can get a more comprehensive view of their security data and the reach of each compromise. This reduces delays in sharing information and offers better control over each of the capabilities that are being managed.

3. Increased Cyber Resilience

A strong majority of champions — 75 percent — are satisfied with their ability to respond to threats, compared to only 42 percent of those that haven’t taken steps toward simplifying their network. A whopping 83 percent were satisfied with their ability to recover from a breach. Resilience is critical; studies have shown that improving cyber resilience can help organizations save millions of dollars in the event of a data breach.

Grow Your Business Over the Long Term

It’s important to note that simplification champions said they still had more work to do to simplify their security environments and that it’s likely to be an ongoing battle as the security landscape shifts. But by prioritizing simplification now, these security teams put themselves in a better position to adapt over time and continuously grow the business.

Download the “Complexity in Cybersecurity Report 2019”

More from CISO

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…