
Budgeting in the era of digitalization

CFOs must move away from the traditional line-item method for cyber risk management spending.

by Gagandeep Kohli
April 3, 2022
in Articles, Cybersecurity, Risk Management

When you set up a conquest strategy, you design your budget to fit the objectives, not the other way around. Yet the current line-item approach of CFOs demands that the winning cybersecurity strategy match a predetermined budget.

The budget is a tool to achieve objectives, not the other way around.

A company's leadership must evaluate what needs to be protected. If one of your Crown Jewels is at risk, or if your new digital marketing campaign has not been evaluated, your priority is to design the countermeasure plan and then evaluate the appropriate budget to meet your strategic requirements.

Companies don’t have an infinite budget line. It is therefore even more important to carefully put your money where it has the most impact. Understand your business environment, assess your Threat Landscape and plan your risk mitigation strategy where it has the most impact.

Prepare the mindset before the budget.

Every Business Holder knows that when you throw money at an unprepared project, it can only end in failure. Before allocating money to a cyber risk management line, senior management must ensure that all stakeholders understand and support the current strategy and priorities.

Aligning the cybersecurity mindset requires identifying the key stakeholders across the business lines: Finance, IT, HR, Sales. Infuse the mindset into your chain of management, gather cybersecurity champions who will support the strategy, and finally design the necessary budget.

Develop a Benchmarking Approach to Cybersecurity Budget

Cyber Risk and Cybersecurity Governance have mastered the use of frameworks. Whether it is the NIST Cybersecurity Framework, ISO 27001 or COBIT, all these tools split security topics into a few key areas. Are you more mature at risk prevention or attack detection? Does your Threat Landscape lean heavily toward social engineering or technological attacks?

Interaction between senior management, governance and the technical experts helps you weight those key cybersecurity areas in terms of maturity and risk. It is your compass to design your budget, ideally split equally into three types of actions for reliable cybersecurity:

  • Quick wins: easy and cheap actions that have a visible impact you can leverage for commercial purposes
  • Infrastructure: maintain, refactor and upgrade your current security measures
  • Strategy: implement your new cybersecurity objectives.

The current way CFOs approach budgeting is reactive. You unlock a cybersecurity budget after you have been hit by a cyber-attack. You may get away with it a few times. But IT is now a key factor of value creation in our interconnected world. A single cyberattack can lead you to bankruptcy. Starting with small key investments, building a minimal security baseline based on best practices and creating a cybersecurity culture will make your company resilient. Adopting a proactive approach to cyber risk budgeting will also, in the long run, decrease its overall cost.

Tags: Business Risk, Cyber Strategy, executive, Security Baseline, Security Budget, Security Culture, Security Posture

"Conquer Your Risk" is a corporate blog for Cybersecurity and Risk Management executives and specialists, sharing XRATOR experts' views on Cybersecurity, Threat Intelligence, Risk Management and Cyber Insurance.
