Three ways to cost-optimise your business's cybersecurity

Alex Simmons our consultant managing the role

We have already covered the latest in information security in the context of investment trends.  

However, this article only scratches the surface of cyber security trends. Between security threats, data leaks, online scams, and national-level cyber warfare, the sector is constantly evolving. Businesses are up against it when you consider not only the big geopolitical threats but also the increasing sophistication of criminal organisations.

However, despite growing threats, CISOs are consistently pushed on budget. I regularly meet with leading CISOs, and they all tell me a similar story – improvements must be made but budgets are not sufficient to counteract cyberrisk.

Against this backdrop, cybersecurity leaders are being pushed to cut costs from vendor portfolios to help organisations respond to macro political and economic trends. In many organisations, this cost cutting appears to be a necessity, with one report finding that 78% of Chief Information Security Officers (CISOs) have 16 or more tools in their cybersecurity portfolio, with 12% having 46 or more tools. These large vendor portfolios come with a massive financial cost.

So, what can you do to cost-optimise your cyber security vendor portfolio?   

Gartner recently published a report outlining three solutions to cost-optimise companies' cyber security vendor portfolios. They are:

  • Identify and internally shop for security tool features to upgrade security capabilities while ridding the vendor portfolio of redundancy
  • Optimise vendor contracts by working with Gartner BuySmart partners throughout the cyber security vendor acquisition process
  • Unlock untapped tools’ potential, as it is more cost effective than buying additional security tools

Reduce portfolio redundancy  

Redundancy in the cybersecurity vendor portfolio arises due to overlapping tools. Nonetheless, advanced organisations understand that redundancy occurs on a deeper level: security tool features are the culprit. It is much more common for tools to have several overlapping features than to overlap totally.

Organisations which are advanced in their cybersecurity journey and have highly developed vendor portfolios view their range as a collection of tool features, from which they add or subtract based on security program strategy and organisation needs. 

The sourcing of these features can be done both internally, within the organisation, and externally with new vendors. Furthermore, non-security functions and business units within organisations may carry tools with untapped security potential. 

Work with tools like Gartner BuySmart  

According to Gartner, CISOs often have limited experience negotiating contracts. Moreover, smaller organisations may not have developed procurement teams, meaning the process can become convoluted and tricky. 

Additionally, contracts often cannot be renegotiated for at least three years, which means newer leaders may not have experience negotiating with vendors at their current organisation. Gartner’s BuySmart framework helps organisations through all five steps of the buying cycle:

1. Deciding what they really need to meet business outcomes
2. Picking the right provider
3. Aligning deal structures with business needs
4. Optimising spend
5. Reducing complexity and risks

Ultimately, having a proper vendor contract in place makes it easier for CISOs to optimise their entire vendor portfolio.

Scale existing security tools    

Despite having several potential use cases, security tools are often used exclusively for the reasons they were bought. As such, a decent proportion of a security tool’s potential goes untapped within the cybersecurity vendor portfolio. 

Organisations with an advanced approach to information security are formalising the management of security tool effectiveness through more robust measurement and specialised personnel. This enhanced focus includes both the measurement and improvement of ineffective security tools within the cybersecurity vendor portfolio.  

Much of this work has been traditionally outsourced to third parties and consultancies. Yet outsourcing does not provide for the necessary, continuous management, which is key to identifying and improving security tool effectiveness. 

Cybersecurity talent as a cost-optimising tool 

Hiring talent when a business is cutting costs may seem counterintuitive. According to McKinsey’s latest report on recruiting cybersecurity talent to reduce cyberrisk, hiring cybersecurity talent normally uses a top-down approach that fills the most senior roles first before filling roles further down the organisational chart. However, having the right cybersecurity talent in place is essential, as it means you can effectively enable the business and protect the organisation's cyber ecosystem.

Nevertheless, this is easier said than done as, despite mass layoffs in the technology sector, there is still an acute shortage of candidates. According to the International Information System Security Certification Consortium, or (ISC)², there is a global shortage of 2.72 million skilled cybersecurity workers.

Against this background, 60% of respondents to the same survey reported that a cybersecurity staffing shortage is placing their organisations at risk.

To combat this, hiring managers must focus on sourcing and developing specific skills both from within their organisation and externally. Additionally, there is some merit in sourcing information security talent from non-traditional backgrounds, as the broad-stroke, generalist standard hiring approach is less effective in this competitive job market.

How Marks Sattin can help you source cybersecurity talent 

At Marks Sattin, we have been collaborating with specialist IT talent for 35 years. Our established IT recruitment team has a well-earned reputation for being proactive and meticulous in their approach to sourcing top talent. For more information on how we match candidates with the right client, contact us.

10/05/23