For at least the past year, inflation and the threat of recession have hung in the air. Growth for businesses has been a delicate act, and that’s doubly true for getting a cybersecurity strategy right. Cybercrime is on the rise. According to the UK Government’s Cyber Security Breaches Survey 2023, more than one-quarter of businesses admitted to experiencing cyber-attacks in the past 12 months, with the number much higher for medium businesses (59%) and large companies (69%). The combined effect of this increased threat and economic uncertainty is causing tangible differences in the cybersecurity market, and therefore how businesses tackle cybercrime. That is why more and more organizations are opting for macro platforms to protect themselves from cyber criminals, instead of looking for the expected best-in-class solutions out there. Let’s have a more detailed look at why these platforms have become popular amongst businesses.

Cost optimization means the pendulum is swinging towards security platforms

To generalize, a macro trend we have seen in the cybersecurity market has been for businesses to oscillate between two different cybersecurity strategies. On the one hand, best-of-class platforms tackle specific areas of cybersecurity. While they can be effective, they can also have a complicating effect because organizations need to procure, integrate and measure multiple solutions to build a robust defense against cyber criminals. This, in turn, proves to be a time-consuming and costly exercise.

Instead, in the face of increased demand for cost optimization, CISOs have been under pressure to do more with less. Platforms, therefore, offer a suite of solutions from a single company that handle different operations in cyber defense. Choosing a suite of tools can offer efficient, comprehensive protection against cyber threats and deliver on budget constraints through multi-year cost optimization; reducing costs significantly in the long run. This can be later supplemented with additional best-in-class solutions to cover any further requirements.

There’s another important reason why simpler, easy-to-integrate and cost-effective solutions might work best for CISOs and cybersecurity professionals. There is tangible exhaustion amongst leaders and board members when it comes to cybersecurity – above all, they want to break the endless cycle of purchasing a new solution, integrating it, and then having to replace or upgrade it only a few years later. What is driving this?

Interview-based risk assessment is no longer working. What is next? 

The standard “interview-based risk assessment” often used to assess a business’s cybersecurity readiness, is no longer fit for purpose. The holy grail of cybersecurity is to establish real-time and automated systems-led maturity assessments that end the exhausting cycle of investing and renewing. But so far, measuring precisely which tools have been leveraged, how effective these have been and whether their efficiency justifies their cost is extremely difficult. Consequently, businesses are finding hyper vendors and macro platforms offer the clearest path to achieve this goal in the short term.

Here's where the conundrum lies: how can businesses ensure they employ the right tools and measurements to elevate their security posture in a way that resonates with the board? Achieving this kind of reporting visibility is not a one-size-fits all proposition, and ultimately CISOs should look to partner with experts able to draw on wider industry context and tailor to their needs and history.

Automation has a key role to play

The first step to presenting plans to the board and picking a platform is establishing visibility, reporting and systems-led assessments. The skills gap may be a much-discussed concern but it’s automation that can help to mitigate the issue, especially during periods of budget cuts, when layoffs are common. Secondly, automation can free cybersecurity teams from mandatory time-consuming repetitive tasks while scaling a business’s security efforts. In tandem with AI and Machine Learning (ML) it can also play an important role in the design of cyber resilience plans. As a result, automation can further strengthen a company’s cybersecurity strategy making it much more agile and flexible. Once visibility is established, the right expertise can make connections between data points to link cybersecurity to business outcomes and KPIs which boards can digest.

An effective cybersecurity strategy starts with you  

It’s clear that the recent economic uncertainty has caused consolidation in the market. CISOs under financial pressure are having to do more with less, and a move to macro platforms offers vital budget savings through multi-year cost optimization, all while delivering on high standards of protection.

The first step to picking a macro platform that delivers on both cyber and cost saving needs is establishing visibility. Only by establishing the right measurements and KPIs can CISOs successfully present cyber investment in terms that the board can understand, such as its links to revenue and corporate reputation.

Automation has a central role to play. Not only can it help teams to do more with less, but it can also improve a team’s ability to measure positive outcomes and the sophistication of responses to threats. Taken alongside deeper collaboration with experts across the cybersecurity ecosystem who can help navigate change, provide context, and identify new vendors to integrate into their cybersecurity infrastructure. It’s the first step towards a more holistic and stronger view of cybersecurity, that will help CISOs deliver cost savings as well as their organization's security needs.

This article originally appeared on TechRadar Pro.

About the Author

We’re Spending Too Much on Cybersecurity


Tony Buffomante

Senior Vice President & Global Head – Cybersecurity & Risk Services, Wipro Limited

Over the past 27 years, Tony has managed and executed cybersecurity risk assessments, strategies and implementations for the largest and most complex global organizations. He helps clients identify cyber risks and develop secure strategies that enable business value throughout the digital transformation journey.