Three ways to cost-optimise your business's cybersecurity

Alex Simmons our consultant managing the role

We have already covered the latest in information security in the context of investment trends.  

However, this article only scratches the surface of cyber security trends. Between security threats, data leaks, online scams, and national-level cyber warfare, the sector is constantly evolving. Businesses are up against it when you consider not only the big geopolitical threats but also the increasing sophistication of criminal organisations.

However, despite growing threats, CISOs are consistently pushed on budget. I regularly meet with leading CISOs, and they all tell me a similar story: improvements must be made, but budgets are not sufficient to counteract cyberrisk.

Against this backdrop, cybersecurity leaders are being pushed to cut costs from vendor portfolios to help organisations respond to macro political and economic trends. In many organisations, this cost cutting appears to be a necessity, with one report finding that 78% of Chief Information Security Officers (CISOs) have 16 or more tools in their cybersecurity portfolio, with 12% having 46 or more tools. These large vendor portfolios come with a massive financial cost.

So, what can you do to cost-optimise your cyber security vendor portfolio?   

Gartner recently published a report outlining three solutions to cost-optimise companies' cyber security vendor portfolios. They are:

  • Identify and internally shop for security tool features to upgrade security capabilities while ridding the vendor portfolio of redundancy
  • Optimise vendor contracts by working with Gartner BuySmart partners throughout the cyber security vendor acquisition process
  • Unlock untapped tools’ potential, as it is more cost effective than buying additional security tools

Reduce portfolio redundancy  

Redundancy in the cybersecurity vendor portfolio arises from overlapping tools. However, advanced organisations understand that redundancy occurs at a deeper level: security tool features are the culprit. It is much more common for tools to share several overlapping features than to overlap entirely.

Organisations which are advanced in their cybersecurity journey and have highly developed vendor portfolios view their range as a collection of tool features, from which they add or subtract based on security program strategy and organisation needs. 

The sourcing of these features can be done both internally, within the organisation, and externally with new vendors. Furthermore, non-security functions and business units within organisations may carry tools with untapped security potential. 

Work with tools like Gartner BuySmart  

According to Gartner, CISOs often have limited experience negotiating contracts. Moreover, smaller organisations may not have developed procurement teams, meaning the process can become convoluted and tricky. 

Additionally, contracts often cannot be renegotiated for at least three years, which means newer leaders may not have experience negotiating with vendors at their current organisation. Gartner’s BuySmart framework helps organisations through all five steps of the buying cycle:

1. Deciding what they really need to meet business outcomes
2. Picking the right provider
3. Aligning deal structures with business needs
4. Optimising spend
5. Reducing complexity and risks

Ultimately, having a proper vendor contract in place makes it easier for CISOs to optimise their entire vendor portfolio.

Scale existing security tools    

Despite having several potential use cases, security tools are often used exclusively for the reasons they were bought. As such, a decent proportion of a security tool’s potential goes untapped within the cybersecurity vendor portfolio. 

Organisations with an advanced approach to information security are formalising the management of security tool effectiveness through more robust measurement and specialised personnel. This enhanced focus includes both the measurement and improvement of ineffective security tools within the cybersecurity vendor portfolio.  

Much of this work has been traditionally outsourced to third parties and consultancies. Yet outsourcing does not provide for the necessary, continuous management, which is key to identifying and improving security tool effectiveness. 

Cybersecurity talent as a cost-optimising tool 

Hiring talent when a business is cutting costs may seem counterintuitive. According to McKinsey’s latest report on recruiting cybersecurity talent to reduce cyberrisk, hiring cybersecurity talent normally uses a top-down approach that fills the most senior roles first before filling roles further down the organisational chart. However, having the right cybersecurity talent in place is essential, as it means you can effectively enable the business and protect the organisation's cyber ecosystem.

Nevertheless, this is easier said than done as, despite mass layoffs in the technology sector, there is still an acute shortage of candidates. According to the International Information System Security Certification Consortium, or (ISC)², there is a global shortage of 2.72 million skilled cybersecurity workers.

Against this background, 60% of respondents to the same survey reported that a cybersecurity staffing shortage is placing their organisations at risk.

To combat this, hiring managers must focus on sourcing and developing specific skills both from within their organisation and externally. Additionally, there is some merit in sourcing information security talent from non-traditional backgrounds, as the broad-stroke, generalist standard hiring approach is less effective in this competitive job market.

How Marks Sattin can help you source cybersecurity talent 

At Marks Sattin, we have been collaborating with specialist IT talent for 35 years. Our established IT recruitment team has a well-earned reputation for being proactive and meticulous in its approach to sourcing top talent. For more information on how we match candidates with the right client, contact us.

10/05/23