Budgeting for Cyber Security post-COVID: Three Golden Rules for the C-Suite

Jean-Christophe Gaillard Jean-Christophe Gaillard
December 16, 2020 Future of Work

This is not just about tech, and there is no tech silver bullet which can buy you cyber resilience

The COVID crisis is presenting most businesses with unprecedented situations – for good, bad or worse. Uncertainty still dominates but the recession ahead is likely to be deep and could be protracted. Millions of people have already lost their jobs across the world, and many organisations are bracing for further significant spending cuts, in the face of a dwindling economic activity. Even in thriving sectors, budgetary caution seems to be the norm amongst C-level executives.

One thing the pandemic has not pushed off the radar, is cyber security. As a matter of fact, the volume of cyber-attacks increased to “alarming levels” according to Interpol during the heart of the crisis. For businesses now totally dependent on remote working, e-commerce or digital supply chains, a serious security breach is the last thing they want…

CEOs, CFOs and CIOs should not jump to ready-made conclusions around cyber security ahead of their next budgeting round. Here are three golden rules for them to consider as they plan ahead.

 Think carefully before making drastic arbitrary cuts around cyber security

Consider carefully and without complacency your actual level of cyber security maturity, and the level of digital dependency the COVID crisis has brought upon you.

Look at the bigger picture: Only serious defence-in-depth can guarantee you a degree of cyber resilience. That means the actual application of protective measures at preventative, detective, mitigative and reactive levels. Doing pen tests every now and then and sending awareness emails to the staff twice a year – while probably better than not doing anything at all – does not constitute a security practice.

Do not ignore your degree of dependency on third-party business partners or cloud service providers, and the implied degree of trust you are placing on the solidity of THEIR cyber defences. How much do you really know of what they are actually doing to protect your data or your processes?

If you don’t think you are in a good place on those matters, now is not the time to cut cyber security spending to the ground.

 Focus budgeting on the protection of key assets

 Equally, now is not the time to try to solve all the problems you may have around cyber security: You need to identify your key assets and focus efforts on those, whatever they might be: Systems, business processes, business units or geographies.

Focus on clear, simple, tangible, affordable and measurable tasks with a short to mid-term horizon. Now is not the time to engage in multi-year projects, which the general economic uncertainty is likely to affect or kill.

 Focus budgeting on areas where you know you can execute

 Finally, now is not the time for large-scale and complex pet-projects: Ignore the sirens from the tech industry – there are countless vendors out there with their own “silver bullet” to solve all your problems – and focus on areas where you have the skills to deliver and know you can execute: It’s only the actual implementation of protective measures, across the real breadth and depth of the enterprise, which will protect your business. Not snake oil and false promises.

And limit the complexity of what you are trying to achieve to a level your teams can manage and absorb. Consider carefully the dependencies between the security tasks you are undertaking and the cross-silos implications amongst stakeholders: You may need the involvement of HR, legal, procurement or business executives depending on what you are trying to achieve (for example around identity management, or data privacy compliance). Make sure the priorities are clear for them too.

Fundamentally, remember: This is not just about tech, and there is no tech silver bullet which can buy you cyber resilience – irrespective of what countless vendors would like you to believe. It can only come through concerted action at people, process and technology levels, and the real execution of protective measures.

  • Experfy Insights

    Top articles, research, podcasts, webinars and more delivered to you monthly.

  • Jean-Christophe Gaillard

    Tags
    BudgetingCyber SecurityPost-Covid-19
    Leave a Comment
    Next Post
    IoT and COVID-19

    IoT and COVID-19

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    More in Future of Work
    Future of Work
    Where Will, the Future of Work, Take Place? (Office, Remote, or Hybrid)

    Changes in machine learning and advances in automation have already changed work for many industries. Still, the COVID-19 pandemic and recent labor shortages forced many brands to rethink what the future of work will look like going forward. The U.S. Bureau of Labor Statistics recently reported a dropping unemployment rate of 4.2% during the fourth

    4 MINUTES READ Continue Reading »
    Future of Work
    7 Tech Companies Changing the Future of Work

    Much has been reported about the impact of the COVID-19 pandemic in the traditional workplace. The effects of the pandemic are expected to be long-lasting, making it challenging for companies across all industries to keep operations running smoothly. Globally, companies had to be agile and adapt to a new normal, in addition to dealing with

    5 MINUTES READ Continue Reading »
    AI & Machine Learning,Future of Work
    AI’s Role in the Future of Work

    Artificial intelligence is shaping the future of work around the world in virtually every field. The role AI will play in employment in the years ahead is dynamic and collaborative. Rather than eliminating jobs altogether, AI will augment the capabilities and resources of employees and businesses, allowing them to do more with less. In more

    5 MINUTES READ Continue Reading »

    About Us

    Incubated in Harvard Innovation Lab, Experfy specializes in pipelining and deploying the world's best AI and engineering talent at breakneck speed, with exceptional focus on quality and compliance. Enterprises and governments also leverage our award-winning SaaS platform to build their own customized future of work solutions such as talent clouds.

    Join Us At

    Contact Us

    1700 West Park Drive, Suite 190
    Westborough, MA 01581

    Email: support@experfy.com

    Toll Free: (844) EXPERFY or
    (844) 397-3739

    © 2023, Experfy Inc. All rights reserved.