Pressure is rising on budgets amid concerns about an economic downturn, and CISOs will need to convince board members and the C-suite that cyber resilience will help improve the bottom line, according to Forrester.
Corporate boards and the C-suite still largely view cybersecurity as a cost center, raising the possibility that critical investments will be rolled back or eliminated as companies make cuts.
But CISOs need to make the case that cyber resilience will help generate customer trust and loyalty. It falls on them to illustrate that cuts to the security budget will put the company at risk of regulatory scrutiny, higher insurance premiums and losing customers to rival firms.
“Linking security to revenue — or the loss thereof — is critical to defending the security budget and establishing security as a core competency, and the cost of doing business,” Jess Burn, senior analyst at Forrester, said via email.
The concerns raised in the report, a planning guide for security and risk this year, echo a number of other indicators that cybersecurity budgets are coming under scrutiny.
Less than half of companies surveyed across the globe said they were getting adequate budget allocations to support their cybersecurity needs, according to a Neustar International Security Council report released last week.
Earlier this month, PwC released a report showing about half of global CEOs planned to increase their investments in cybersecurity or data privacy, adapting supply chains or expanding their geographic footprint.
“That being said, CISOs are trying to be good stewards of the level of investment by optimizing their technology footprint and leveraging automation to do more with less,” Joe Nocera, PwC partner leader, cyber, risk and regulatory marketing, said via email.