Cut cybersecurity costs without compromising protection

A rising inflation rate is prompting businesses to review expenditures. Philip Bindley, Managing Director of Cloud and Security at Intercity Technology, explores the steps businesses can take to cut cybersecurity costs without compromising protection.

The cost of living is surging at its fastest rate in 40 years, rising to 10.1% in September 2022. This has contributed to a ‘cost-of-doing-business’ crisis affecting firms across the country as they struggle with rapidly increasing costs of vital raw materials, fuel, wages, and energy to keep their companies running.

As a result, many companies are looking to make cost savings, including when it comes to cybersecurity. However, neglecting your security can have repercussions by putting your business in a vulnerable position for cybercriminals to exploit. The government ran the Cybersecurity Breaches Survey 2022, and found that 39% of businesses identified a cyberattack in the last year, causing companies to lose, on average, £4,200. Cybersecurity is now considered a high priority by more businesses.

CYBERSECURITY COSTS

There are primarily two cost centres when it comes to a business's cybersecurity expenditure. The first is the cost of the underpinning technology to detect, protect and defend an organisation against the ever-changing and rapidly increasing volume of cyber threats and attacks. Currently, the most significant impact on costs for these technologies is the exchange rate - as many of these vendors are US-based, and the weak pound is driving inflated pricing. With cyber threats now higher than ever before on the corporate risk profile, companies need to adequately support employees and protect their systems and data, which has increased cybersecurity expenditure.

The second cost is for those with cyber insurance, which is also rising. As the number and costs of claims against these policies have spiralled, the market has reacted in multiple ways, including increasing premiums, which is a direct cost increase to the policyholder. Underwriters of insurance policies insist on evidence of a high level of cybersecurity hygiene as an entry-level requirement for applying for cyber insurance or as a method for reducing premiums. This increases the cost to the business as they must adopt more technologies, add people, and mature processes to be eligible for cyber insurance protection.

GUIDING PRINCIPLES FOR CUTTING CYBERSECURITY COSTS

Over the last few decades, many businesses have acquired a suite of disparate technologies and tools to help defend themselves against cyberattacks. This has become over-complicated and expensive to maintain as having more technologies means working with more people, which runs the risk of poor management, ultimately defeating the purpose of their role.

More technologies also mean more vendors, licences, support agreements, training, and certifications, which all add to the cost. Technology has also moved on, and most of what many businesses have in place to protect endpoint, mobile, perimeter, cloud, email, and collaboration tools can be delivered by a single vendor. Keeping it simple is key to controlling cybersecurity costs. By consolidating cybersecurity vendors, businesses can simplify the number of technologies and tools they use to help defend themselves against cyberattacks, in turn saving money.

Businesses should also consider whether cybersecurity is something they can deliver themselves or whether there are external partners better placed with more resources, who offer 24/7 coverage, and investment into a skills base that is simply out of reach to deliver internally.

STEPS FOR CUTTING CYBERSECURITY SPENDING

In the current economic climate, businesses should carefully consider cutting any investment they are currently making in cybersecurity.

All businesses face and take risks. However, in the current macroeconomic and geo-political landscape, there are many factors that business leaders have little or no ability to influence that compromise cybersecurity risk. This includes inflation and rising energy prices, skills shortages, spiralling wage costs, and losing talent to those that can afford to pay more for your most talented and in-demand employees.

There is never a wrong time to review cybersecurity. Finding an expert, looking at what measures are currently in place, what the aspirations of the business are moving forwards, as well as understanding the skills you have and need, will allow you to build a plan to consolidate cybersecurity vendors. When done well, with little investment in time and nominal consultancy cost upfront, you can navigate to a less expensive and better-protected cyber plan.

HOW CAN BUSINESSES MAKE SURE THEY DON'T COMPROMISE ON OVERALL PROTECTION?

Businesses cannot part with cyber protection to save money without putting themselves at risk. While ransomware attack figures vary, it isn’t uncommon to see cybercriminals ask for figures north of £1M.

By following a simple philosophy, organisations can ensure that they have the correct level of protection commensurate with their specific risk and risk appetite, thus spending to protect what matters most to your business. Engaging cyber experts will help organisations build a strategy and roadmap to consolidate your cybersecurity technology estate to the point where it becomes more effective and less expensive both in the short and longer term.

Check out our recent on-demand webinar 'Securing your Digital Supply Chain without Breaking Budget' for more tips on how to keep security costs down in 2023.