Three ways to cost-optimise your business's cybersecurity

Alex Simmons our consultant managing the role

We have already covered the latest in information security in the context of investment trends.  

However, this article only scratches the surface of cyber security trends. Between security threats, data leaks, online scams, and national-level cyber warfare, the sector is constantly evolving. Businesses are up against it when you consider not only the big geopolitical threats but also the increasing sophistication of criminal organisations.

However, despite growing threats, CISOs are consistently pushed on budget. I regularly meet with leading CISOs, and they all tell me a similar story – improvements must be made but budgets are not sufficient to counteract cyberrisk.

Against this backdrop, cybersecurity leaders are being pushed to cut costs from vendor portfolios to help organisations respond to macro political and economic trends. In many organisations, this cost cutting appears to be a necessity, with one report finding that 78% of Chief Information Security Officers (CISOs) have 16 or more tools in their cybersecurity portfolio, with 12% having 46 or more tools. These large vendor portfolios come with a massive financial cost.

So, what can you do to cost-optimise your cyber security vendor portfolio?   

Gartner recently published a report outlining three solutions to cost-optimise companies' cyber security vendor portfolios. They are:

  • Identify and internally shop for security tool features to upgrade security capabilities while ridding the vendor portfolio of redundancy
  • Optimise vendor contracts by working with Gartner BuySmart partners throughout the cyber security vendor acquisition process
  • Unlock untapped tools’ potential, as it is more cost effective than buying additional security tools   

Reduce portfolio redundancy  

Redundancy in the cybersecurity vendor portfolio arises due to overlapping tools. Advanced organisations, however, understand that redundancy occurs at a deeper level: security tool features are the real source of it. It is much more common for tools to share several overlapping features than to overlap entirely.

Organisations which are advanced in their cybersecurity journey and have highly developed vendor portfolios view their range as a collection of tool features, from which they add or subtract based on security program strategy and organisation needs. 

The sourcing of these features can be done both internally, within the organisation, and externally with new vendors. Furthermore, non-security functions and business units within organisations may carry tools with untapped security potential. 

Work with tools like Gartner BuySmart  

According to Gartner, CISOs often have limited experience negotiating contracts. Moreover, smaller organisations may not have developed procurement teams, meaning the process can become convoluted and tricky. 

Additionally, contracts often cannot be renegotiated for at least three years, which means newer leaders may not have experience negotiating with vendors at their current organisation. Gartner’s BuySmart framework helps organisations through all five steps of the buying cycle:

1. Deciding what they really need to meet business outcomes

2. Picking the right provider

3. Aligning deal structures with business needs

4. Optimising spend

5. Reducing complexity and risks

Ultimately, having a proper vendor contract in place makes it easier for CISOs to optimise their entire vendor portfolio.

Scale existing security tools    

Despite having several potential use cases, security tools are often used exclusively for the reasons they were bought. As such, a decent proportion of a security tool’s potential goes untapped within the cybersecurity vendor portfolio. 

Organisations with an advanced approach to information security are formalising the management of security tool effectiveness through more robust measurement and specialised personnel. This enhanced focus includes both the measurement and improvement of ineffective security tools within the cybersecurity vendor portfolio.  

Much of this work has been traditionally outsourced to third parties and consultancies. Yet outsourcing does not provide for the necessary, continuous management, which is key to identifying and improving security tool effectiveness. 

Cybersecurity talent as a cost-optimising tool 

Hiring talent when a business is cutting costs may seem counterintuitive. According to McKinsey’s latest report on recruiting cybersecurity talent to reduce cyberrisk, hiring cybersecurity talent normally uses a top-down approach that fills the most senior roles first before filling roles further down the organisational chart. However, having the right cybersecurity talent in place is essential, as it means you can effectively enable the business and protect the organisation's cyber ecosystem.

Nevertheless, this is easier said than done as, despite mass layoffs in technology, there is still an acute shortage of candidates. According to the International Information System Security Certification Consortium, or (ISC)², there is a global shortage of 2.72 million skilled cybersecurity workers.

Against this background, 60% of respondents to the same survey reported that a cybersecurity staffing shortage is placing their organisations at risk.

To combat this, hiring managers must focus on sourcing and developing specific skills both from within their organisation and externally. Additionally, there is some merit in sourcing information security talent from non-traditional backgrounds, as the broad-stroke, generalist standard hiring approach is less effective in this competitive job market.

How Marks Sattin can help you source cybersecurity talent 

At Marks Sattin, we have been collaborating with specialist IT talent for 35 years. Our established IT recruitment team has a well-earned reputation for being proactive and meticulous in its approach to sourcing top talent. For more information on how we match candidates with the right client, contact us.

10/05/23