Many UK organisations are still in the dark about how to approach spending on information security technologies.
A recent study by Thales e-Security shows that cyber breaches are increasing despite increased security spending, underlining that security investment decisions are not aligned with actual cyber threats.
Managing director at training and consulting firm Blue Screen IT, Michael Dieroff, said: “Experience has shown that few organisations know how to go about allocating their information security budget.”
Dieroff believes that by following a group of principles, organisations can ensure the effective and relevant use of the IT security budget – possibly reducing spending by buying only what they need.
He said: “If an organisation uses only an ISO certification as a guide for implementing a set of security controls, they run the risk of investing in controls that they are never going to need because they may not be relevant to that particular organisation’s business processes in any way.”
In the past Dieroff has worked with some of the world’s leading private and public organisations, as well as many SMEs, helping them to develop and understand how to strengthen their cyber security strategy and implementation.
Dieroff added: “By looking at the actual risk they have and the threats they are facing, by considering the legislation and regulations they have to comply with, and using security operations analytics, organisations can derive quantified statistics to shape and support the security budget.”
More than a third of organisations that suffered a data breach in 2016 lost more than 20 per cent of their revenue as a result, new research claims.