Cybersecurity budgets donu2019t just fund accumulating technologyu2014they also open the door to enabling opportunities. Security was once mysterious, but everyone is far more aware and connected today than they used to be—and that translates into a greater level of understanding and acceptance. With good reason, security breaches or failure to comply with regulations can result in a big hit to the brand, making board members and senior-level managers take notice. And it can all fall on the CIO. This increased awareness is the beginning of a solid cybersecurity budget. In the CIO Survey, 82 percent of respondents cited cybersecurity as a high or critical concern for the next 12 months, the highest percentage across all surveyed categories. However, as organizations invest in cybersecurity, budgets need to be strategic. Simply throwing money at cybersecurity can put an organization in a bad position. And the more IT spends now, the more the organization needs to spend later on upkeep. Investments require support, and lots of it. More importantly, technology itself doesn’t solve anything—even when people use it as a proxy for results. Likewise, woeful underspending on security is dangerous. Bottom line: It’s time to take stock and develop a threat-focused, risk-based approach to your security strategy. In building a risk-based strategy, organizations need to focus on three primary components—assets, vulnerabilities and threats—rather than simply looking for holes. For example, if the business doesn’t have any credit-card payments, why research POS system vulnerabilities? It’s counterintuitive to protect an area that does not apply to organizational operations. The key to success is to take the time to understand the real threats, where they are coming from and potentially what they look like. Furthermore, any modern cyberstrategy needs to complement the go-to-market strategy for the company. There should be a direct tie-in, including accommodation for any compliance standards. One of the more challenging aspects of budgeting for cybersecurity is demonstrating the return on investment. It’s difficult, if not impossible, to accurately depict the ROI from stemming hypothetical attacks. However, it’s still possible to show value with links to positive results by, for instance, tying the investment to the ability to accelerate the organization’s move to mobile or improved time to market for a new offering. As security professionals, we need to embrace these new metrics to show value—not just for brand protection but also for new opportunities. Related content brandpost Looking into the Crystal Ball As pharmaceuticals prepare to thrive in the years ahead, the need to focus on core competencies has never been stronger. By John J. Bell Oct 14, 2015 3 mins Small and Medium Business Collaboration Software brandpost A Seamless Generation Next-gen technologies are making significant inroads into life sciences by seamlessly integrating into infrastructure. By John J. Bell Oct 13, 2015 2 mins CIO brandpost Overcoming Life’s Obstacles The challenges to innovation facing life sciences companies are realu2014so too are the opportunities. By John J. Bell Oct 07, 2015 2 mins Risk Management brandpost Disruption Hits Healthcare Market As the health insurance market undergoes disruption, progressive CIOs are using the opportunity for digital transformation. By Lisa Pettigrew Oct 05, 2015 3 mins CIO Healthcare Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe