Intelligent CISO Issue 10 | Page 39

FEATURE now spending almost a third of their IT budget (£6.9 million) on cybersecurity and budgets are expected to rise over the next two years across all segments. Both SMBs and enterprises predict they will spend up to 15% more on cybersecurity over this period. Why? Because the consequences of a cybersecurity incident can spread far and wide. WannaCry stopped the production lines of five Renault factories, while exPetr disrupted business operations at Maersk, the world’s largest container ship and supply company, resulting in losses of between £155 million and £250 million pounds. Along with undermining current business operations, cyberthreats are also impacting future-focused initiatives. Digital Transformation and business mobility require organisations to operate a growing IT infrastructure, meaning they often lack visibility into their hybrid clouds. The battle for business buy-in: Three ways to justify your IT security spend Maxim Frolov, Vice President of Global MAXIM FROLOV, VICE Sales at Kaspersky Lab PRESIDENT OF GLOBAL SALES AT KASPERSKY LAB Proving ROI in IT security has traditionally been a struggle for IT professionals, who need to balance budget limitations while constantly fighting to stay ahead of the dynamic threat landscape. However, businesses are now starting to treat IT security as an investment, rather than simply a cost-centre – according to a recent Kaspersky Lab report. Costly cybersecurity incidents are affecting current and future business operations Businesses of all sizes and industries are realising that they have to prioritise cybersecurity spend. Enterprises are | Issue 10 Consequently, data is being put at risk of compromise or even encryption. Moreover, the costs of dealing with the consequences of a cybersecurity threat are on the rise – due to factors such as having to hire external consultants, acquiring new software, dealing with PR risks and litigations, etc. With costs rising and crucial business operations being put at risk, it’s no surprise that top management is now getting involved in the cybersecurity provisioning debate. But it’s not just their own infrastructure that they have to be thinking about. Even if your corporate perimeter is protected, you cannot be so sure about your suppliers It’s important to understand that a breach can happen even if the business’ own corporate network has the necessary level of protection – through supply chain attacks or breaches as a result of vulnerabilities in third party legitimate software. For enterprises, data protection remains a critical issue even if a threat is somewhere outside the corporate perimeter – data breaches resulting from incidents affecting suppliers which businesses share data with cost them up to £900,000 million on average. And, with data being stored in multiple locations, cybersecurity becomes a significant challenge. Business data must be protected, wherever it is It’s no secret that cloud services offer many benefits to businesses, from taking advantage of a more efficient mobile workforce, to reducing infrastructure costs and optimising business operations. As such, 73% of SMBs use at least one SaaS hosted business application, while 45% of enterprises have either already raised or are planning to grow their use of hybrid cloud in the next six months. However, as businesses move more and more data to the cloud, they often end up losing visibility of their data exposure. Data ‘on the go’ that is actually stored outside of the corporate data centre – e.g. in third party IT infrastructure – is presenting businesses with new security issues and new costs. In summary These insights help explain why cybersecurity should be prioritised across companies in any industry – it is a prevalent issue for companies of any size, because virtually every company today deals with third party contractors, cloud infrastructure and a growing amount of sensitive business data. u 39