top of page

Getting the Most Value from Your Cybersecurity Investments

Cybersecurity is one of the top risks that enterprises have to proactively manage. The cost and reputational consequences are too great to ignore for business leaders. In fact, cybersecurity ranks as the number one hazard for companies globally in the 2020 Allianz Risk Barometer based on the responses from more than 2,700 risk management experts in over 100 countries and territories. As recently as 2013, cybersecurity was only in 15th place. The rapid rise in cybersecurity risk is due to the increasing frequency and sophistication of cyber-attacks, combined with intensifying legal and regulatory actions that drive up the cost of managing a breach. This is in addition to the potential for significant business interruption. The need for a robust cyber resilience strategy has never been greater.

Increasing cyber risk is linked to the increasing importance of data in running a modern business. Connecting IoT devices and equipment delivers incremental value through improved quality and efficiency, but this connectivity brings an expanded cyber-attack surface which must be defended. A good cybersecurity strategy delivers the necessary cyber resilience with minimal incremental investment. A joint study performed by Accenture and the Ponemon Institute, however, suggests that organizations struggle to prioritize their cybersecurity investments with an ROI mindset.

The joint study involved 2,182 interviews from 254 companies and evaluated cyber-attacks on organizations’ IT infrastructure via internal or external networks or the internet. The companies in the study represented a very diverse set of industries spanning four continents, each company having more than 1,000 employees.

Cybersecurity spending vs value by Ponemon Institute and Accenture report, ResiliAnt

The results show that companies spend the most on advanced perimeter controls, access management, data loss prevention, and encryption technologies. The value, however, is higher in deploying security intelligence utilizing vulnerability information, and using behavioral analytics to address many human-factor conditions. While each organization should assess their unique needs and environment to decide where they will have the best ROI, the study outcome suggests that organizations can benefit by allocating a greater share of investment to mitigating vulnerabilities and human-centric risks. The considerations for IoT or operations technology (OT) cybersecurity will only add to the complexity as the type of vulnerabilities, operating environment, and effectiveness of risk mitigation strategies vary from traditional IT approaches.

For example, there is a recent upsurge in using Intrusion Detection Systems (IDS), especially the AI-based anomaly detection systems, for early identification of intrusions and threats. While IDS offers considerable value, a study performed by the Ponemon Institute, and an explanation of such a system, indicates a need to better evaluate the applicability and effectiveness of IDS on a case-by-case basis. The study involved participation of 630 IT and IT security practitioners in the US, with 65% coming from organizations of more than 5,000 employees.

Effectiveness of Intrusion Detection System, ResiliAnt

The Ponemon Institude study of IDS systems indicates that an organization, on average, receives close to 17,000 alerts weekly. Out of those, only 19% are deemed to be reliable. The organization, however, has to evaluate all 17,000 alerts to identify the reliable ones. This is on average $1.3M of annual cost to handle false positives. Further, organizations tend to only have capacity to investigate 22% of the reliable alerts. In other words, 78% of risk goes unaddressed! This is probably the reason why people hear about cyber-breaches involving some of the most prestigious organizations such as Marriott, Airbus, British Airways, Anthem, Merck, LabCorp, LifeLabs, Target, etc. The C-suite members in these organizations may believe that they have adequate cybersecurity controls in place. However, the effectiveness of their investments requires a deeper look.

Many organizations would benefit from performing a better assessment of their risks and needs prior to making investment decisions. Further, they would benefit from undertaking a programmatic approach with strong cross-functional governance to ensure that these investments are delivering the expected results.

ResiliAnt can support large organizations during their risk assessment and budgeting process involving IIoT or OT networks. ResiliAnt can also help small to medium-sized enterprises (SME) in deciding their cybersecurity strategies involving both IT and OT/IoT infrastructure. If you have interest in learning more about ResiliAnt’s solution, you can reach us at

bottom of page