How to get the most out of your cybersecurity budget

More than a quarter of executives surveyed by PwC expect security budgets to grow by double digits in 2022. The secret is to spend the money wisely and effectively.

With the rise of ransomware and other types of cybercrime, organizations recognize that they need to be prepared to counter the ever-increasing threat of cyberattacks. As a result, many companies expect their security budgets to increase in 2022. But IT and executives need to analyze their security to determine where to put that money, rather than simply spending the budget. A new report from the professional services network PwC provides tips on how to allocate security spending.

PwC's "2022 Global Digital Trust Insight" report is based on a survey of 3,602 business, technology and security executives (CEOs, corporate directors, CFOs, CISOs, CIOs and C-Suite executives) conducted worldwide in July and August 2021.

Some 69% of respondents expect their cybersecurity spending to increase next year, up from 55% last year. Approximately 26% expect spending to rise by more than 10%, more than triple the share from last year.

However, the research shows that past investments in security tools and services have not been successful so far. When asked about initiatives such as cloud security, security awareness training, endpoint security, managed security services, disaster recovery plans, third-party risk management, and zero trust, only a small percentage (less than 20% for each initiative) said they had seen benefits from implementation.

Part of the challenge is that the processes required to manage and maintain all the necessary security protections and relationships are very complex. In the report, PwC asks: "Is the business world too complex to be secure now?" In response, 75% of respondents acknowledged that too much avoidable and unnecessary organizational complexity raises concerns about managing cyber risk.

As a starting point, PwC recommends asking the following questions:

  1. How can the CEO make a difference to your organization?
  2. Is your organization too complex to protect?
  3. How can you tell if you’re protecting your organization from the risks that are most important to your business?
  4. How well do you know the risks of third parties and supply chains?

To ensure that your security budget is focused on the right measures, PwC offers some suggestions in general and for specific roles within your organization.

In general

  • Treat security and privacy as mandatory. CEOs need to communicate clear principles that establish security and privacy as business essentials.
  • Hire the right people. Hire the right leaders to connect your chief information security officer and security team with your business team.
  • Prioritize risks. Your risk is constantly changing. Use data and intelligence to continuously measure risk.
  • Analyze supply chain relationships. You cannot secure what you cannot see. Look for blind spots in your relationships and supply chain.


  • Position cybersecurity as important to business growth and customer trust.
  • Demonstrate trust in and support for the chief information security officer.
  • Understand and accept business model issues and risks, and change what needs to be changed.


  • Understand your organization’s business strategy.
  • Build stronger relationships with the CEO and continue dialogue to help the CEO pave the way for effective security practices.
  • Gain the skills you need to succeed in the expanding role of cybersecurity in your business.
  • Build a strong foundation for data trust using an enterprise-wide approach to data governance, detection, and protection.
  • Don’t stop at cyber risk. Link these risks to corporate-wide risk and business impact.
  • Quantify cyber risk and create a roadmap for creating real-time cyber risk reports.

For Chief Operating Officers and Supply Chain Executives

  • Investigate the most important relationships between supply chain vendors and use third-party trackers to find the weakest links along the chain.
  • Analyze your software vendors to see whether they meet your expected performance criteria. The applications and products used by an organization must undergo the same types of testing and scrutiny as its own networks and other assets. Make sure they meet the minimum standards for software testing published by the National Institute of Standards and Technology in July 2021.
  • After reviewing third-party and supply chain risks, look for ways to simplify your business relationships and supply chain. Should you reduce or combine?

For Chief Revenue Officers and Chief Information Security Officers

  • Enhance your ability to detect, resist and respond to cyber attacks through software. Integrate security applications so you can manage them all at once.
  • Set up a third-party risk management group to coordinate activities in all areas that handle third-party risk assessments.
  • Strengthen the process of data trust and access. Data trust and third-party risk management are inextricably linked, as data is the target of most attacks on the supply chain.
  • Educate the board on cyber and business risks from third parties and supply chains.
