• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Reallocating your security budget

June 24, 2015 by Secure360 and UMSA

Where is your security budget going

Copyright: 123rf/Igor Stevanovic

The security industry is exploding with employment opportunities, products and startups, yet we continue to hear of data hacks and breaches affecting organizations on a regular basis. Companies now need to know how to efficiently respond to a cyber attack, as well as manage the aftermath.

Last year, businesses were spending almost $400 per employee on security efforts, and a new study for 2015 found that 75% of CIOs plan to invest even more in cybersecurity this year as it is a top concern. Although this increase in spending and attention on cyber attack prevention is a step in the right direction, many companies are spending their resources without really understanding the best practices and tools to prevent breaches within their company.

Where are your cybersecurity resources going?

In a recent interview with Information Week’s Dark Reading, Jason Straight, senior vice president and chief privacy officer at UnitedLex, which provides outsourcing services and support for the legal industry, spoke on what organizations are doing wrong:

“Misallocation of security resources: we continue to be more focused on perimeter protection than on internal controls and monitoring. It’s clear that attackers are already inside or could be anytime they want and there’s nothing you can do about it on the perimeter. We continue to dump money in there, which is exactly what the security industry wants you to do. There’s a ton of money in selling all these tools. The big reason people are not focused as much internally is that it’s hard.”

Focusing on interior vs. perimeter

Surveys of companies found that many already had cyber security software lying around but unused. It was found that 4.8% of security software was not being used at all, and almost 24% was working but could be better. Now let’s show these statistics with dollar signs: for every $115 spent on security software, $33 were either underutilized or never used at all. In a company of 500 employees, $16,000 worth of investments is being wasted.

The most common response for wasted security tools was a shortage of IT resources, including lack of time to implement tools, not enough training and too few team members.

  • 35% said IT was too busy to implement security tools
  • 33% said their IT teams did not have enough staff
  • 19% said they lacked knowledge of purchased security software
  • 17% said they lacked training to employ new software

While it is smart to be purchasing cyber security systems for an organization, businesses should set realistic expectations for IT staff resources, and budget the department accordingly to minimize the problems of underutilized security programs. There should be a fine balance of time and finances that are spent on both perimeter security tools and the interior department that will implement these tools. Management should not only be allotting a budget for higher skilled security talent, but also for in-person security training and cyber security education across the organization. While it may seem smart to save money by hiring cheaper security employees or eliminating training, in the long run this increases the risks of your organization experiencing a data breach.

Filed Under: Physical Security

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Comments

  1. Kelley Archer says

    June 24, 2015 at 12:47 pm

    This is so true. Another company is outsourcing IT overseas but is missing the big picture on internal issues and downsizing Security for the sake of saving $$$$. You just can’t teach stupid!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: With #Sec360 2022 officially in the books, we wanted to share a little recap of the fun! https://t.co/iMPwAp1Kac … https://t.co/kk7xRUXoRo
    about 2 days ago

  2. Fusion Learning Partners
    Fusion Learning Partners: Congratulations @UMSAOrg on a successful 2022 #Secure360 event! We are honored to be part of your conference team &… https://t.co/RbT7IEG49G
    about 2 days ago

  3. smallarmy
    smallarmy: @TylerCohenWood @Secure360 Good
    about 4 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.