Stop Measuring Your Cybersecurity in Terms of Budget

• Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers.

• The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks.

• Clearly measuring how strong your cybersecurity is can no longer be done by how much money is spent on it each year.

The last decade has seen an explosion in cybersecurity spending, with the global market now valued at $112bn in 2019. Almost every month there is a new report detailing how firms are increasing their cybersecurity budgets, or buying the latest tech to help defeat hackers, but is this correlating with a reduction in cybercrime? A recent report found that while 85 percent of companies rated their security stack incredibly highly, 86 percent of them had still suffered a data breach in the last 12 months. Clearly there is a disconnect between how companies are measuring their cybersecurity readiness and achieving effective security in reality.

The typical way that companies have looked to improve their cyber capabilities is by investing in the latest tech to help protect their networks. While these systems are effective, they still require employees with the sufficient skills to work them properly. Given that the DCMS recently found that 48 percent of UK businesses struggled to find employees with basic cyber skills, for example being able to configure a firewall correctly, it seems unlikely that the majority of companies are getting the most out of these tools.

Learn more: THE TIME HAS COME TO BRING IN AI, MACHINE LEARNING AND AUTOMATION IN CYBERSECURITY .
 

“Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily”.

Experts often say that one of the best ways of defending your network is educating employees to be on the lookout for risks. However, often many businesses are not taking their human cyber readiness into account. This is because they are unable to effectively measure the skills of their cyber team. Measuring human cybersecurity readiness is difficult to do. Currently, companies have had to rely on certifications for measuring ability, which quickly become outdated as hackers develop new techniques almost daily.

“ If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information”.

However, failing to measure your human readiness companies can open themselves up to increased risk. For example, many organizations carry out breach simulations to provide crucial experience for the day when there is a real attack. However, businesses rarely measure how well their teams coped with each scenario and what training and actions should come from it. If an organization is unable to tell how strong its team is at cybersecurity, it will always be behind the hackers who are looking to steal its information. In the past, the only measure companies had to judge their employees was through what certificates they held. This led to hiring professionals on huge salaries who have been working in the industry for many years and have secured the correct qualifications.

Just because they have a certificate does not mean they are necessarily better at handling a threat as the most junior person on the team. This is because it is impossible to know who is best to handle a response simply by looking at certificates. The junior member could have had more recent experience in handling that type of threat, or recently read about the latest techniques. By being able to continually measure who in the team is stronger at certain tasks can go a long way in improving efficiency in defending against attacks. Often, rather than hiring in the talent from outside their teams, organizations could spend a fraction of the budget and focus on upskilling their own existing staff. Of course, to do this you first need to know what skills your team already has, and where there are gaps that need to be filled.

Learn more: CYBER SECURITY GUIDANCE FOR REMOTE WORKING .