Q + A + Q + A + Q + A + Q + A + Q + A + Q + A + Q + A +
RORY DUNCAN, SECURITY
GTM LEADER, UK, NTT LTD
EDITOR’S QUESTION
According to NTT’s global 2019
Risk:Value report which explores
why organisations are failing to
make progress with their security, security
budgets are failing to keep up with
increasing cybersecurity risk. There has only
been a minimal increase in the percentage
of IT budgets attributed to security (15%),
while the percentage of the operations
budget attributed to security has fallen
since 2018 to 16%.
While security spending has fallen, the
estimated revenue loss (following a data
breach) in percentage terms is up year-onyear
– 12.7% in 2019, compared to 10.3%
in 2018 and 9.9% in 2017, according to
the report. The cost of recovery is US$1.2
million, on average.
During the current crisis, organisations
are being forced to adapt to changing
circumstances and prepare for a post-
COVID-19 world.
With more people working from home,
the focus is on trying to maintain
‘business as usual’, supporting staff in
virtual work environments, complete with
collaboration tools, file sharing, video and
teleconferencing facilities.
Security processes and systems must be
in place to support this new structure and
ensure people can work remotely, but
securely and with confidence. As a result,
it’s likely that many security projects or
initiatives where budget would have been
allocated may have to be put on hold.
Ensuring the security basics are in place, such
as patch management (NTT’s Global Threat
Intelligence Report 2020 shows that old
vulnerabilities remain an active target) and
having incident response plans in place that
are communicated to staff and tested on a
regular basis, is critical during this time.
Post-COVID-19 security budgets will need to
consider the implications of supporting more
remote workers for longer periods, and the
need to put controls in place for these new
working models.
For example, recognising the unexpected
spend to move people to remote working,
and other actions to keep the business
running, such as replacing BYOD or home
computing kit with corporate-controlled
devices, as well as the consumption
models of more cloud-based services.
There’s also the question about how much
office space is needed in the future,
and for whom.
Reverting back to my opening comments
about allocation of budgets for security,
what’s really interesting is the fact that
a global pandemic has changed the way
most of us work.
Despite all the disruption, changes and
adjustments we have had to make,
businesses have continued to function
and security has been an important part
of this.
This will help CISOs in their board-level
conversations when it comes to securing
budget – it’s not just security, it’s
business investment.
www.intelligentcio.com
INTELLIGENTCIO
35