02-04-2025, 07:25 AM
News 7 tips for improving cybersecurity ROI
<div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
<div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<p>When it comes to cybersecurity investments, smart money is directed toward initiatives that deliver the greatest protection at the lowest possible cost. But what appears to be a straightforward calculation can often be anything but.</p>
<p>CISOs perennially face challenges securing adequate funding to safeguard the enterprise, placing them often in difficult positions <a href="https://www.csoonline.com/article/3627485/blown-the-cybersecurity-budget-here-are-7-ways-cyber-pros-can-save-money.html">attempting to stretch resources</a> without jeopardizing the business.</p>
<p>Whether you’re looking to make the most of your cybersecurity budget or prove the value of cybersecurity operations in an effort to earn more investment in the future, getting maximum value out of your cybersecurity initiatives is vital. Here are 7 ways you can improve cybersecurity ROI.</p>
<h2 class="wp-block-heading" id="1-calculate-the-potential-financial-impact-of-cyber-threats">1. Calculate the potential financial impact of cyber threats</h2>
<p>Cybersecurity ROI can’t be measured simply on cost improvement, efficiency, or revenue enhancement, says Joyce Harkness, a director at technology research and advisory firm ISG. “Cybersecurity exists to make technology less risky to use for both enterprises and individuals,” she notes. “Accurate metrics enable organizations to make informed decisions, identify trends, and benchmark against competitors, allowing for strategic adjustments that lead to better outcomes.”</p>
<p>Harkness recommends taking a cyber risk quantification (CRQ) approach that measures risk in financial terms business leaders can easily understand and relate to.</p>
<p>“CRQ catches the eye of top leaders who want to manage cybersecurity investments using clear, business-accessible, non-technical metrics,” she explains. “In today’s fast-changing cybersecurity environment, CRQ measurements help refine and improve strategies, ensuring that limited resources can be used effectively, leading to results optimized for better business outcomes.”</p>
<p>Harkness adds that a CRQ approach also leads to stronger security initiatives while enhancing ROI.</p>
<h2 class="wp-block-heading" id="2-conduct-scenario-based-risk-assessments">2. Conduct scenario-based risk assessments</h2>
<p>An effective, yet often underutilized approach to improving ROI is to carry out quantitative, scenario-based risk assessments, suggests Or Klier, a partner and managing director with management advisory firm Boston Consulting Group.</p>
<p>“This approach, performed at different levels within the organization, allows the entire enterprise to optimize its portfolio of cybersecurity initiatives,” he says. “It ensures that every dollar spent directly contributes to measurable risk reduction.”</p>
<p>A scenario-based risk assessment drives effectiveness in three ways, says Vanessa Lyon, a Boston Consulting Group managing director and senior partner. “It identifies and quantifies the financial impact of risks, making it clear which initiatives deliver the most value,” she explains. Additionally, by linking cybersecurity initiatives to business outcomes, the approach ensures decisions that are risk-driven, not just compliance-mandated. “Combining granular assessments of critical assets with corporate-wide strategies creates a balanced approach that covers both specific and systemic risks,” Lyon notes.</p>
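<p>The following Python script is an added example, not code from the article, ISG, or Boston Consulting Group, of the kind of calculation the two sections above describe: risk is quantified in financial terms (annualized loss expectancy, assumed here as annual likelihood times single-loss impact), each candidate initiative is modeled as cutting a scenario's likelihood and/or impact by a stated fraction, and initiatives are then ranked by expected loss avoided per unit of annual cost. All scenario, likelihood, impact and cost figures are constructed for illustration.</p>

```python
"""Scenario-based cyber risk quantification, as an added illustration.

Not the ISG or BCG methodology: this models each scenario's annualized
loss expectancy (ALE) as annual likelihood x single-loss impact, lets each
candidate initiative cut a scenario's likelihood and/or impact by a stated
fraction, and ranks initiatives by risk reduced per unit of annual cost.
All scenario and initiative figures are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class Scenario:
    name: str
    annual_likelihood: float  # probability of at least one occurrence per year, 0..1
    impact: float             # single-loss financial impact, in currency units


@dataclass(frozen=True)
class Initiative:
    name: str
    annual_cost: float
    # scenario name -> fraction (0..1) by which the control cuts likelihood / impact
    likelihood_reduction: Dict[str, float] = field(default_factory=dict)
    impact_reduction: Dict[str, float] = field(default_factory=dict)


def ale(s: Scenario) -> float:
    """Annualized loss expectancy of one scenario."""
    return s.annual_likelihood * s.impact


def portfolio_ale(scenarios: List[Scenario]) -> float:
    """Total expected annual loss across all scenarios."""
    return sum(ale(s) for s in scenarios)


def _fraction(table: Dict[str, float], key: str) -> float:
    r = table.get(key, 0.0)
    if not 0.0 <= r <= 1.0:
        raise ValueError(f"reduction for {key!r} must be in [0, 1], got {r}")
    return r


def apply_initiative(scenarios: List[Scenario], ini: Initiative) -> List[Scenario]:
    """Return the scenario set as it would look with the initiative in place."""
    return [
        Scenario(
            s.name,
            s.annual_likelihood * (1.0 - _fraction(ini.likelihood_reduction, s.name)),
            s.impact * (1.0 - _fraction(ini.impact_reduction, s.name)),
        )
        for s in scenarios
    ]


def rank_initiatives(scenarios: List[Scenario], initiatives: List[Initiative]) -> List[dict]:
    """Rank initiatives by expected loss avoided per unit of annual cost.

    net_benefit is risk reduced minus cost; a negative value means the
    initiative costs more per year than the expected loss it removes.
    """
    base = portfolio_ale(scenarios)
    rows = []
    for ini in initiatives:
        risk_reduced = base - portfolio_ale(apply_initiative(scenarios, ini))
        per_unit = risk_reduced / ini.annual_cost if ini.annual_cost > 0 else float("inf")
        rows.append({
            "initiative": ini.name,
            "annual_cost": ini.annual_cost,
            "risk_reduced": risk_reduced,
            "net_benefit": risk_reduced - ini.annual_cost,
            "reduction_per_unit_cost": per_unit,
        })
    rows.sort(key=lambda r: r["reduction_per_unit_cost"], reverse=True)
    return rows


# Constructed scenarios and candidate initiatives (illustrative figures only).
SCENARIOS = [
    Scenario("ransomware", annual_likelihood=0.20, impact=2_000_000),
    Scenario("business email compromise", annual_likelihood=0.50, impact=300_000),
    Scenario("cloud storage misconfiguration", annual_likelihood=0.10, impact=1_500_000),
]

INITIATIVES = [
    Initiative("Phishing-resistant MFA", annual_cost=120_000,
               likelihood_reduction={"ransomware": 0.40, "business email compromise": 0.70}),
    Initiative("Immutable backups", annual_cost=90_000,
               impact_reduction={"ransomware": 0.60}),
    Initiative("CSPM tool", annual_cost=150_000,
               likelihood_reduction={"cloud storage misconfiguration": 0.80}),
]

if __name__ == "__main__":
    print(f"Baseline annual expected loss: {portfolio_ale(SCENARIOS):,.0f}")
    for r in rank_initiatives(SCENARIOS, INITIATIVES):
        print(f"{r['initiative']:<24} cost {r['annual_cost']:>9,.0f}  "
              f"risk reduced {r['risk_reduced']:>9,.0f}  net {r['net_benefit']:>9,.0f}  "
              f"ratio {r['reduction_per_unit_cost']:.2f}")
```

<p>With the constructed figures the baseline expected annual loss is 700,000; immutable backups rank first (240,000 avoided for 90,000), phishing-resistant MFA second (265,000 for 120,000), and the CSPM tool last with a negative net benefit at that price, which is exactly the kind of ranking the scenario-based approach is meant to surface. Real deployments replace the point estimates with likelihood and impact ranges and compare initiatives on distributions rather than single values.</p>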
<h2 class="wp-block-heading" id="3-pool-security-resources-with-industry-partners">3. Pool security resources with industry partners</h2>
<p>Tap into threat intelligence sharing networks within your industry to proactively defend against emerging threats targeting specific sectors, recommends Steve Tcherchian, CISO of security technology firm XYPRO.com.</p>
<p>“By pooling resources and insights, enterprises can mitigate risks more cost-effectively than addressing them in isolation — for example, financial services firms sharing threat intelligence to collectively strengthen their defenses,” he says.</p>
<p><a href="https://www.csoonline.com/article/567109/how-threat-intelligence-sharing-can-improve-the-security-posture-of-whole-industries.html">Sharing security intelligence and resources</a> provides early warning about specific threats and exploits targeting your sector, Tcherchian adds. “This allows everyone within that industry to prepare defenses before an attack hits,” he says. “This collaborative approach reduces duplicate efforts and spreads the cost of intelligence across the industry network.”</p>
<p>To get started, Tcherchian recommends joining an <a href="https://www.csoonline.com/article/567485/what-is-an-isac-or-isao-how-these-cyber-threat-information-sharing-organizations-improve-security.html">industry-specific information sharing group</a>, such as those recommended by <a href="https://www.nationalisacs.org/">The National Council of ISACs</a>, or simply create a private consortium with trusted peers. “Integrate the shared intelligence into your SIEM or threat detection systems for automated alerting and response and share your efforts,” he says.</p>
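<p>As an added example of the SIEM integration Tcherchian describes (this is not XYPRO's code or any vendor's connector), the Python below takes a constructed indicator feed of the kind a sharing group might distribute, drops entries that are expired or below a confidence floor, normalizes values so feed entries and log fields compare equal, and raises an alert whenever a constructed proxy, DNS or EDR log line contains a matching indicator. The feed layout, log format, confidence threshold and every indicator value are assumptions; the IP addresses are from documentation ranges and the hash is a placeholder, so none of them are real IoCs.</p>

```python
"""Matching a shared threat-intelligence feed against log events, as an added
illustration of feeding ISAC-style indicators into automated alerting. This is
not XYPRO's or any SIEM vendor's code. Feed format, log format and all
indicator values are constructed; the IPs are from documentation ranges and the
hash is a placeholder, none are real IoCs.
"""
import re
from datetime import date
from typing import Dict, List

# Constructed indicator feed, in the shape a sharing group might distribute.
FEED = [
    {"type": "domain", "value": "Update-Portal.example", "source": "sector-isac",
     "confidence": 80, "valid_until": "2099-12-31"},
    {"type": "ipv4", "value": "203.0.113.45", "source": "peer-consortium",
     "confidence": 70, "valid_until": "2099-12-31"},
    {"type": "sha256", "value": "a" * 64, "source": "sector-isac",
     "confidence": 90, "valid_until": "2099-12-31"},
    {"type": "domain", "value": "old-c2.example", "source": "sector-isac",
     "confidence": 95, "valid_until": "2020-01-01"},   # expired; must not alert
    {"type": "ipv4", "value": "198.51.100.8", "source": "peer-consortium",
     "confidence": 20, "valid_until": "2099-12-31"},   # below the confidence floor
]

# Constructed log lines (proxy, DNS, EDR) in a simple key=value format.
LOGS = [
    "2025-02-04T09:12:01Z proxy src=10.0.0.17 dst=203.0.113.45 host=cdn.example.net action=allow",
    "2025-02-04T09:13:44Z dns client=10.0.0.22 query=update-portal.example. rcode=NOERROR",
    "2025-02-04T09:15:09Z edr host=ws-042 file_sha256=" + "a" * 64 + " event=exec",
    "2025-02-04T09:16:30Z dns client=10.0.0.9 query=old-c2.example. rcode=NXDOMAIN",
    "2025-02-04T09:17:02Z proxy src=10.0.0.17 dst=198.51.100.8 host=intranet.example.net action=allow",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
HOSTNAME_RE = re.compile(r"\b(?:host|query)=([^\s]+)")


def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so feed values and log values compare equal."""
    v = value.strip().lower()
    if ioc_type == "domain":
        v = v.rstrip(".")          # DNS logs often carry a trailing dot
    return v


def build_index(feed, today: date, min_confidence: int = 50) -> Dict[tuple, dict]:
    """Index usable indicators by (type, normalized value).

    Expired or low-confidence entries are dropped here rather than at match
    time, so stale intel from the feed cannot generate alerts.
    """
    index = {}
    for ind in feed:
        if ind["confidence"] < min_confidence:
            continue
        if date.fromisoformat(ind["valid_until"]) < today:
            continue
        index[(ind["type"], normalize(ind["type"], ind["value"]))] = ind
    return index


def extract_observables(line: str) -> List[tuple]:
    """Pull (type, normalized value) pairs out of one log line."""
    found = [("ipv4", m) for m in IPV4_RE.findall(line)]
    found += [("sha256", m) for m in SHA256_RE.findall(line)]
    found += [("domain", m) for m in HOSTNAME_RE.findall(line)]
    return [(t, normalize(t, v)) for t, v in found]


def match_logs(lines: List[str], index: Dict[tuple, dict]) -> List[dict]:
    """Return one alert per (log line, matched indicator)."""
    alerts = []
    for line in lines:
        timestamp = line.split(" ", 1)[0]
        seen = set()
        for key in extract_observables(line):
            ind = index.get(key)
            if ind is None or key in seen:
                continue
            seen.add(key)
            alerts.append({
                "timestamp": timestamp,
                "ioc_type": key[0],
                "ioc_value": key[1],
                "source": ind["source"],
                "confidence": ind["confidence"],
                "log": line,
            })
    return alerts


def run(today: date = date(2025, 2, 4)) -> List[dict]:
    """Build the index for the given day and match the constructed logs."""
    return match_logs(LOGS, build_index(FEED, today))


if __name__ == "__main__":
    for a in run():
        print(f"{a['timestamp']} ALERT {a['ioc_type']}={a['ioc_value']} "
              f"source={a['source']} confidence={a['confidence']}")
```

<p>Run on the constructed data it produces three alerts (the IP, the domain and the hash) and stays silent on the expired and low-confidence entries. Carrying the indicator's source and confidence into the alert matters in practice: it lets analysts weigh a peer consortium's tip differently from a vetted ISAC bulletin, and it is the data you need to report back to the sharing group, which is the "share your efforts" half of the recommendation.</p>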
<h2 class="wp-block-heading" id="4-let-ai-handle-routine-tasks">4. Let AI handle routine tasks</h2>
<p><a href="https://www.csoonline.com/article/3619006/generative-ai-cybersecurity-use-cases-are-expanding-fast-but-experts-say-caution-is-warranted.html">Using generative AI</a> to manage repetitive, operational security tasks is a game-changer for boosting cybersecurity ROI, says Nikhil Sarnot, managing director at Accenture’s security unit.</p>
<p>“Whether automating intake and triage, performing vulnerability code reviews, or monitoring compliance, gen AI delivers speed, consistency, and scalability,” he notes.</p>
<p>Based on recent proofs of concept and an analysis of internal and external human resource costs, Sarnot says he sees the potential to achieve sustained cost reductions of 30% to 50%, depending on the organization’s current cybersecurity investments, while exponentially increasing the scope and depth of security activities.</p>
<p>Gen AI allows cybersecurity professionals to offload routine, time-intensive tasks while maintaining accuracy, Sarnot says. Unlike traditional AI/ML techniques, limited by the need for structured data, gen AI can integrate diverse cybersecurity signals and effectively handle abstract or unstructured data that previously required human review. This allows cybersecurity professionals to focus on higher-value, novel work, such as strategic cyber risk management and threat modeling. “Ultimately, it’s about scaling smarter, improving efficiency, and reducing burnout from manual workflows,” he says.</p>
<p>Sarnot recommends starting small by automating high-volume, resource-intensive workflows that people currently handle by following runbooks. “Adopt an appropriate retrieval-augmented generation (RAG) model to ensure that the foundation model always uses the most relevant organizational context,” he advises. “Then build confidence gradually by expanding to more complex tasks, such as analyzing code for security and privacy risks.”</p>
<p>Ultimately, successful adoption depends on seamlessly integrating gen AI into existing tools and workflows while maintaining oversight through a robust human-AI collaboration model, Sarnot says. Yet it’s important to approach the technology cautiously. “While its potential is immense, gen AI’s capabilities are still in the early stages of understanding and adoption among security professionals,” he cautions.</p>
<h2 class="wp-block-heading" id="5-embed-a-finops-engineer-into-your-team">5. Embed a FinOps engineer into your team</h2>
<p>FinOps engineers can identify low-hanging fruit for cost optimization in the areas of your greatest spend, says Richard Marcus, CISO at AuditBoard, an audit, risk, and compliance software provider. “They are experts in license optimization, vendor negotiation and, most importantly, rationalization and de-duplication in your solution portfolio.”</p>
<p>A <a href="https://www.cio.com/article/416337/what-is-finops-your-guide-to-cloud-cost-management.html">FinOps</a> engineer can <a href="https://www.cio.com/article/3608274/security-finops-collaboration-can-reap-hidden-cloud-benefits-11-tips.html">identify ways to find savings</a> by migrating to service and resource types that are the most cost-effective and a better overall fit for specific protection needs. Most security costs are based on the infrastructure footprint as a scaling factor, Marcus observes.</p>
<p>“By rightsizing the infrastructure, you can save not just on the infrastructure costs themselves, but also on all of the security solutions that are needed to protect the infrastructure, such as WAF, IDS, and many others,” Marcus says, adding that FinOps engineers can also ensure that maximum value is being obtained from various vendor-provided solutions.</p>
<h2 class="wp-block-heading" id="6-invest-in-automation">6. Invest in automation</h2>
<p>Automation is a proven way to improve cybersecurity ROI, both in enhanced security and bottom-line savings. Jon Taylor, a director and security principal at SASE and SD-WAN technology provider Versa Networks, is a strong believer in AIOps, a practice that uses artificial intelligence and machine learning to enhance and automate numerous IT operations, including security.</p>
<p><a href="https://www.cio.com/article/196239/what-is-aiops-injecting-intelligence-into-it-operations.html">AIOps</a> can, for example, radically improve the performance of security operations by prioritizing critical incidents and presenting the most likely cause as the jumping-off point for any investigation, he says. “When integrated into infrastructure and workflows, you could be measuring incident response in seconds and minutes instead of hours and days,” Taylor notes.</p>
<h2 class="wp-block-heading" id="7-be-proactive">7. Be proactive</h2>
<p>Continuous threat exposure management (CTEM), a term coined by Gartner, is a proactive approach to cybersecurity that continuously identifies, prioritizes, and mitigates exposure to potential threats, aligning security efforts with business objectives, says Tia Hopkins, chief cyber resilience officer and field CTO at managed detection and response firm eSentire.</p>
<p>“CTEM leverages data-driven insights and ongoing validation to optimize risk reduction and maximize the effectiveness of security investments,” she says.</p>
<p>CTEM aligns enterprise security investments with measurable outcomes by continuously assessing and addressing potential threat exposures across the organization. “Done well, it also improves cross-functional communication and drives prioritization by helping organizations focus their resources on their most critical risks,” Hopkins says.</p>
<p>CTEM adoption consists of five stages: scoping, discovery, prioritization, validation, and mobilization.</p>
<p>“Start with scoping to define objectives and identify assets, threats, and business context,” Hopkins advises. Then, move to discovery to map exposures, vulnerabilities, and attack paths across the organization. Use prioritization to focus on the most critical risks by using data-driven metrics, followed by validation to ensure the effectiveness of security controls and verify critical attack paths.</p>
<p>“Finally, leverage mobilization to integrate findings into actionable workflows, automate processes, and continuously improve the organization’s security posture based on evolving threats,” she says.</p>
</div></div></div></div>
https://www.csoonline.com/article/381287...y-roi.html