3 Ways to Optimize Your Cybersecurity Budget

written by
John Milburn
Identity Governance
Security Operations
February 22, 2023

Despite being well into an economic downturn with no end in sight, it’s never a bad time to invest in IT initiatives. In fact, according to forecasts from Gartner, worldwide IT spending is projected to total $4.6 trillion in 2023, an increase of 5.1% from last year.  John-David Lovelock, Distinguished VP Analyst at the firm goes on to say, “Enterprise IT spending is recession-proof as CEOs and CFOs, rather than cutting IT budgets, are increasing spending on digital business initiatives.”

While spending may not waiver, the economy will certainly dictate the types of projects and software enterprises set their sights on. My bet is that cybersecurity is one of the areas we’ll see accelerate, rather than stall. To stay on theme, it’s simply an area businesses can’t afford to ignore or remain complacent. But that doesn't necessarily  equate to frivolity and new, shiny things.

With budgetary constraints in mind, it's important that business and IT leaders approach any new tech rollout in a strategic way. It may not be feasible (or advisable) to expect a full 'rip and replace' overhaul under the current circumstances, but even gradual cybersecurity improvements can make a real difference. Here are 3 ways enterprises can optimize their cybersecurity budgets this year:

  1. Do More with Less
  2. The most effective way to ensure strong ROI on cybersecurity spending is to look for ways to extend current technology investments before making new purchases. A large percentage of the cloud platforms enterprises use today offer features or easily integrated tools to solve many security, identity, governance, and compliance use cases. Time to value is significantly faster when current investments are extended, compared to new implementations.

    Not only will enterprises reduce time and headaches spent on configuration, but they’ll also be way ahead of the curve on training administrators and employees. This approach is far more cost-effective than the alternative—buying new software or migrating to a different platform entirely. This is not always possible, but it’s always worth exploring.

  3. Stay Flexible
  4. Most organizations require an annual planning cycle, which is typically a good cadence. However, there is also a need for a reevaluation when there are large changes to business—in this case, in light of economic factors—or the scope of work. For example, in the event of a data breach, it would be smart to reevaluate the cybersecurity budget and reallocate funds appropriately, whether to ramp up staff, software, or to put new processes in place.

    When financing is locked in prematurely, the following 12 months are often spent reworking the budget as unexpected challenges arise and success metrics become more clear. While a constantly evolving budget can put a dent in progress, flexibility is non-negotiable. Determine the priority security issues that will require financing, get executive buy-in, and leave some wiggle room for other mission-critical issues that may arise, or pivots you’ll need to make.

  5. Practice Good Housekeeping
  6. Unfortunately, cybersecurity is not a ‘set it and forget it’ business. It’s important to clean up shop, and often. We know that the root of most security compromises is human error, and in many cases, this comes down to rogue accounts or rubber stamp access in the name of productivity. But beyond the security and compliance red flags, lax access management policies can also lead to unnecessary spending.

    For example, most business applications have licensing costs. If an employee leaves your company and you don’t disable their Slack account, not only is there a security hole, but a line item you’re not getting value from. Add this up across multiple accounts and applications and depending on the company’s size, it could be significant. Fortunately, automating identity governance can go a long way in helping defray excess spending in this area. And to bring it full circle to tip #1, it’s likely features like this already exist in your cloud stack.

Recessions don't last, but the risk of not optimizing, or in this case, protecting your business for the future can have negative, long-term effects. It will be the companies that prioritize efficiency and smart spending during the downturn that ultimately come out on top. There are plenty of ways to do this, and the tips mentioned above don’t require a big budget to get started.

This article first appeared in Forbes.

share on

Related Posts

Take a Self-Guided Tour

Personalize your own on-demand demo to see how identity security built on ServiceNow works.
Update cookies preferences