Preventing a cyberattack is more cost effective than reacting to one – so why aren’t more businesses investing in proactive cybersecurity programs?

More than ever, companies need to protect themselves from cyber threat actors

CISOs need to ensure that the ROI of cybersecurity is on their agenda. Cyberattacks such as ransomware, business email compromise (BEC) scams and data breaches are among the key issues businesses face today, but despite the number of high-profile incidents, many industry leaders are reluctant to free up budget to invest in cybersecurity measures.

Business leaders need to bolster spending to better protect their data, but many industry figures aren’t willing to spend money on cybersecurity because they view it as an additional cost. Companies and governmental organisations then find they have to spend far more recovering from a cyber-incident after they get hacked. The average cost of a data breach is $4.2M, and in regulated industries such as healthcare, finance and banking the costs can be much higher, with more dire consequences such as patients’ health data being put at risk, on a global basis. It is estimated that cybercrime will cost $10.5 trillion annually by 2025.

The term ROI is frequently misused and difficult to define in the cybersecurity realm. Looking at the current threat landscape can help determine how much companies and governmental organisations need to invest in order to protect their data. Geopolitical risks and inflation woes are opening up more vulnerabilities, and during COVID industries were forced to rapidly adapt to new remote and hybrid work models, exposing IT systems to a larger attack surface. This year alone, organisations predict a 53% increase in cybercrime. Investing in modern frameworks can help prevent breaches and, in the long term, save governmental organisations and industries the cost of security breaches by means of prevention.

It can be difficult to quantify the returns on investing in cybersecurity, given that cybersecurity is a preventative measure. The ROI needs to be based on how much loss an organisation could avoid if its security were breached: it is all about mitigating risk that could otherwise cause dire consequences. Organisations aiming to get the best out of their security controls and mitigate the most risk can adopt specialised frameworks and security teams to counteract cyber threats.

For instance, they can run a threat-informed defence, using automated platforms such as Breach-and-Attack Simulation (BAS) to continuously test and validate their systems. Businesses need to be thorough when stress-testing their networks against specific threats and network conditions in order to locate inefficiencies and ineffectiveness in the security operations centre. Without such testing, the tools and processes that the security systems rely on can fail silently and repeatedly, putting valuable data at risk and leading to expensive security breaches.

Similar to a fire drill, using BAS helps identify which controls are failing, allowing organisations to remediate gaps in their defences. BAS platforms use frameworks like MITRE ATT&CK to simulate real-world cyber threats, so that when a real one hits, cyber professionals know they are prepared. An IDC report illustrates the benefits of proactive strategies based on BAS, MITRE ATT&CK and purple teaming – collaboration between red and blue security teams.

For the IDC report, five interviews were conducted with organisations in different geographical locations that use BAS platforms together with MITRE ATT&CK and purple teaming, collecting a variety of quantitative and qualitative data about their IT profiles and security operations. Study participants found that the platform’s reliability improved their security posture and helped their security operations teams mitigate risk better, resulting in a strong efficiency gain of 47% and total average annual cost savings of $4.7 million for the interviewed organisations.

With new threats emerging as a result of remote work and increasing geopolitical risks, protecting your business and its data is more important than ever. ROI in cybersecurity is difficult to quantify, but CISOs need to be aware that the ability to avoid breaches is what creates the value. The IDC white paper is a valuable step towards understanding the business impact of proactive cybersecurity programs.


About the Author

Ross Brewer is VP of EMEA & APJ of AttackIQ. Adversaries across the globe, from nation-states to criminal organizations, hold our businesses, democracy, and society at risk through cyberspace. Our mission at AttackIQ is to help solve that problem and make the world safe for compute. As the leading independent vendor of breach and attack simulation solutions, we built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. We are trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework.

Featured image: ©PinkEyes