A Look at Gartner’s Report: The Urgency to Treat Cybersecurity as a Business Decision
After years of accelerated cybersecurity spending, it looks like company decision-makers are starting to pull back on the throttle. Security spending is forecast to decline over the next two years, and CISOs will need to up their game to justify their budget requests in front of the board and executives. It’s critical for CISOs to understand how these budget decisions are made, and how to come to the table ready to communicate their security program needs with the supporting data that sways C-level decision-makers. We’ve found a great report discussing these challenges and recommendations for the CISO to show that security is aligned with business objectives.
Gartner’s (2021) report, “The Urgency to Treat Cybersecurity as a Business Decision,” states, “This disconnect between executive decision making and effective cybersecurity is what should keep executives awake at night. And it should focus their attention on new ways to approach the problem.” Additionally, Gartner states, “Gartner projections show the growth in cybersecurity spend is slowing. Cybersecurity grew at 12% (CAGR) in 2018, and it is projected to decline to only 7% (CAGR) by 2023. Gartner clients are also reporting that after years of quarterly reporting on cybersecurity to their boards, that boards are now pushing back and asking for improved data and understanding of what they have achieved after years of such heavy investment” (Proctor, 2021).
Here’s how Gartner suggests CISOs address these challenges, and how Blue Lava supports CISOs on this journey.
Gartner’s three key challenges include:
- Cybersecurity spending growth is slowing through 2023, while boards are starting to push back and ask what they have achieved after years of heavy cybersecurity spending.
- Boards and senior executives are asking the wrong questions about cybersecurity, leading to poor investment decisions.
- Many current approaches to improve cybersecurity are falling short of providing appropriate and defensible levels of protection.
Their recommendations include:
CISOs “focused on IT cost optimization, finance, risk and value to optimize risk and corporate performance should:
- Use this research to build a business case and executive narrative to change how cybersecurity is treated in the organization.
- Improve cybersecurity readiness by treating it as a choice and a business decision.
- Drive cybersecurity priorities and investments by using an outcome-driven approach that balances investment and risk with the needs to achieve desired business outcomes.”
While Gartner’s findings come across as ominous and daunting, it is also a clear affirmation that Blue Lava is on the right path toward providing a positive solution to these problems. We’re constantly reminded that the primary driving force for most innovations is need. Gartner has essentially outlined the need for innovation like Blue Lava.
Blue Lava is designed to help CISOs implement these recommendations quickly, to communicate the business value of security and win those budget dollars in the boardroom. Built on our community-sourced model, Blue Lava guides security leaders to measure, optimize, and communicate their security program quickly, confidently, and aligned to their business.
Let’s take a moment to briefly expand on some of Gartner’s points and see how Blue Lava provides a solution.
- “…build a case and executive narrative”
  - Blue Lava helps you plan your optimized security program. It allows you to create program investment scenarios to gain C-Suite and board support to justify budget needs. We also help CISOs collaborate cross-functionally with other business leaders to mature their security program, easily creating and managing enterprise-wide projects, all in one place.
- “…treat it as a choice and a business decision”
  - Built on our community-sourced model, we help security leaders align their needs and elevate CISOs to be strategic business partners through data-driven decisions. This includes strategy development and risk mitigation. Become a business enabler instead of a tactical order taker. Communication to the board is now confidently delivered and it is easier to elaborate on where to make program investments and why.
- “…outcome-driven approach”
  - Blue Lava provides relevant, digestible information on the security program and its progress both up and down the ladder in as little as 2-3 days – to team(s), the C-Suite, and the Board of Directors. Blue Lava helps measure and effectively report program needs by aligning them to the needs of the business with easily shareable data and graphs, saving time and increasing consistency.
Our solution is born from the emerging need for CISOs to become empowered and to be able to confidently step into the boardroom as a valued contributor to the business. We help manage the business of security by delivering a platform built by, for, and with the security community. We provide security leaders the data, insights, and knowledge to develop a strategy and plan aligned to their business risks, measure the progress, and communicate the results.