There is a statistic from NTT Security’s latest Risk:Value Report that still shocks us today – one third of global business decision makers believe their organisation would try to cut costs by paying a ransom demand from a hacker rather than invest in information security.
The same report also reveals that for two years in a row, organisations have spent 14% of their budget on information security, which is not as high as it should be in order to be fully prepared to deal with today's threat landscape.
Risk and security management are important areas of focus for any organisation, especially in the digital era, so why the reactive stance? There should be no question about the need to spend money on information security.
Perhaps the real challenge is demonstrating how the money is spent and the value that is provided. Adding new technology alone is not the answer to managing risk. Nor is just defining a strategy and developing a business model going to assure an organisation’s information security.
Risk management needs to be a continuous process, which should remain at the top of any boardroom agenda. The reality is that it requires well-thought-out, continuous investment.
As the threat landscape evolves, organisations need to consider their current risk exposure in the context of their commercial objectives. This is crucial because that understanding allows activities to be identified and mapped to business priorities, moving organisations to a state of continuous risk management aligned to their business goals. It is also essential that organisations consider industry best practice and articulate it at all levels of the business for visibility and understanding.
Whilst this may seem straightforward and an easy concept to grasp, very few organisations are successful in executing this approach in-house, due to the tools and frameworks that may be at their disposal as well as the challenges they face as a result of the cybersecurity skills shortage.
However, working with NTT Security can ensure you are well on your way towards continuous risk management. NTT Security is a centre of excellence in security for NTT Group and an end-to-end provider of Managed Security Services and Security Consulting services with specialist tools, frameworks, risk management services and managed security services – all delivered by a team of 1,500 dedicated experts.