

Posted By Jessica Weisman-Pitts

Posted on August 18, 2023

Demonstrating the value of cybersecurity investment in uncertain times


By Chase Richardson, Principal Lead Consultant at Bridewell

The financial community is coming under mounting pressure to safeguard its interconnected systems and networks from cyber threats, particularly following a string of high-profile attacks on the sector from nation-state actors and other criminal groups. One recent example is the breach of financial software provider ION Markets, which upended derivatives trading across multiple countries. Organizations are left reckoning with their heightened status as vulnerable and attractive targets for threat actors.

To address these concerns, the White House has released a National Cybersecurity Strategy, imposing mandatory regulations across all industries to “disrupt and dismantle” threat actors as part of a persistent, continuous campaign. Imminent changes to the Securities and Exchange Commission (SEC) cybersecurity rules will also raise the pressure on financial organizations, requiring them to promptly disclose all security incidents and implement robust measures against cyber-attacks.

Time is increasingly of the essence – but preparation doesn’t come for free. Amidst lingering inflationary pressures, recent Bridewell research has revealed that 86% of finance organizations within US critical infrastructure are seeing reductions in their cybersecurity budget, largely attributed to the economic slowdown.

While there is no silver bullet in cybersecurity, it’s also something that simply cannot be compromised. So, how can financial organizations show they are finding the right balance, maximizing resource efficiency and minimizing cyber threats amidst rising costs and risks?

Optimizing security ROI

According to Bridewell’s research, US finance organizations suffered an average of 42 ransomware-related security incidents in the last year alone – a significantly higher mean than for any other sector within critical infrastructure. These attacks can have a devastating financial impact on businesses, with costs going well beyond the direct ‘hit’ of any ransom paid. The indirect cost of downtime and recovery of lost data can also far exceed the investment required for a proactive and robust security strategy.

Therefore, organizations must embrace a risk-based approach, effectively allocating their stretched resources and concentrating their cybersecurity efforts on protecting the most critical assets and data. This will result in a much greater return on investment (ROI) as it tightly aligns security measures with potential business impacts, enabling firms to minimize disruptions while mitigating the financial and reputational consequences of a cyber-attack.

Financial services organizations should also adopt a mindset of prioritizing quality over quantity, not only in terms of security tools but also when it comes to third-party vendors. Simply investing in more and more disparate tools is expensive, unsustainable, and often fails to consider the integration between technologies and the potential security holes that may arise. Likewise, an influx of vendors and partners can lead to increased risk exposure. Instead, consolidating technologies, tools, and vendors is vital for enabling a unified view of security across the business, allowing firms to streamline risk analysis and assessment. It also presents opportunities to identify where technology can relieve operational challenges by using automation to enhance efficiency.

With Bridewell research revealing that financial firms face an average of 44 security incidents related to social engineering every year, it is more crucial than ever to invest in the continuous cybersecurity training and development of an organization’s first line of defence – its staff. This ensures that employees remain updated on the latest practices and evolving threats, enabling them to respond promptly to emerging cyber risks and reduce the potential impacts and costs of a security incident.

Demonstrating cybersecurity’s worth

While cybersecurity has shifted from a technology risk to a business imperative, some C-suite decision-makers may still struggle to recognize the concrete value of implementing a robust security strategy, particularly during periods of financial uncertainty and competing priorities. Therefore, it is vital to emphasize the ROI of cybersecurity, especially when demonstrating its impact on technology, people, and processes across the entire organization.

To gain executive buy-in and support, security leaders should first establish a clearly defined cybersecurity strategy that co-ordinates with the firm’s wider business goals. This strategic alignment will play a vital role in demonstrating to the board how investing in cybersecurity can yield specific objectives while effectively mitigating risks. Moreover, a clear and cohesive strategy provides a framework for measuring progress and assessing the overall ROI of cybersecurity spend.

When it comes to communicating the impact of security investment in a meaningful way, leaders must set measurable objectives, define key performance indicators (KPIs), and establish clear benchmarks, so that they can provide evidence of all positive impacts on the organization’s financial and operational performance. By highlighting the competitive advantage gained, security teams will be able to showcase the lasting value of the investment, explaining how the benefits go far beyond peace-of-mind against cyber-attacks and deliver long-term business benefits.

Enhancing security with MDR

To optimize cybersecurity and overcome resource limitations, finance organizations should cut through the noise of old-fashioned tools, especially for threat monitoring and response. Outdated technology stacks can generate a barrage of alerts, which often require manual review and expert analysis before any team can take action. In contrast, modern tools allow for real-time identification of patterns and behaviors across multiple technologies, effectively minimizing noise and condensing it into a few actionable alerts. This empowers security teams to streamline their operations, prioritizing critical threats and responding quickly and efficiently.

Managed detection and response (MDR) is particularly powerful as it combines human analysis, artificial intelligence (AI), and automation to rapidly detect, analyze, investigate, and actively respond to cyber threats around the clock. Deployed swiftly and cost-effectively as a fully outsourced service or via a hybrid security operations center (SOC), MDR helps organizations to establish a robust security architecture to protect their on-premises systems, cloud-based applications, and SaaS solutions. By enabling firms to quickly tackle new cyber threats as they unfold, MDR also minimizes the time hackers have to dwell within a network.

The most effective services also utilize extended detection and response (XDR) technology. This ensures additional detection and response capabilities across network, web and email, cloud, endpoint, and – most crucially – identity. Working hand in hand with MDR, this comprehensive approach empowers organizations to safeguard their users, assets, and data from an ever-growing range of cyber threats.

In the face of mounting economic pressures, financial firms must now make cybersecurity a top priority to protect their critical operations and data. By collaborating with a trusted security provider to implement MDR and XDR, organizations can streamline essential cybersecurity processes and enable staff to level up their skills. This proactive stance not only maximises the ROI of security, but also enables firms to effectively manage risks, protect their reputation, and maintain the trust of their customers in an increasingly volatile security landscape.
