Are you spending too much on IT security?

Features
By published

Fed up with enterprises using lack of budget as an excuse for not securing data properly, Davey Winder investigates whether organisations could actually do more with less.

According to Mark Heathcote, practice director at IT services firm Xceed, there are three common causes for IT security budgets being spent on the wrong things:

1. The press. Technologies that are being talked up by the media can result in security budgets being redirected into technologies that address one issue, but do not cover other threats.

All information security budget spend should be driven by quantified risk mitigation.

2. Technologies that the information security team find interesting. Just because our trusted specialist staff says we should be doing something, doesn't necessarily mean budgets should be diverted from elsewhere.

3. Vendor-driven proposals. There are many examples of vendors presenting their solutions to CIOs and being greeted by the reaction, we really should have this'. But, stop and think why this threat was not a consideration before and do not be driven to a solution just because it looks like a good thing to do.

"All information security budget spend should be driven by quantified risk mitigation. Not by vendors, not by the press and not by technical staff," Heathcote concludes. "Follow these principles and you will not only reduce the impact of real world threats on the business, but may also reduce how much you spend on it."

Davey Winder
Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.

More about data breaches
NHS logo displayed on a smartphone screen in white lettering on a blue background.

NHS supplier hit with £3m fine for security failings that led to attack
Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach.

These five countries recorded the most third-party data breaches last year
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.

‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
See more latest