IT Operations

What IT teams need to tell higher-ups on cybersecurity funding

“You just have to have a different mindset—that it’s going to happen and that you need to constantly be looking and questioning,” one managing director tells IT Brew.
article cover

Yutthana Gaetgeaw/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Show us the money.

That’s what IT teams are going to be saying to upper management—hopefully more politely—as they seek to increase security budgets. It’s an important discussion to have as the security space evolves, Boston Consulting Group Managing Director Nadine Moore told IT Brew at CES.

Golden era. Cybersecurity is poised for another banner year after 2023 was defined by ransomware attacks and defenders worked to keep up. “There’s good stuff coming with tooling to help you, but there’s also just a lot more going on in terms of new technologies that you’re gonna have to think about defending,” Moore said.

And despite a drop in total investment in cybersecurity over the last year, Dan Ives, managing director at Wedbush Securities, told IT Brew in an interview after CES that what he saw at the show and in the industry generally has him bullish on the sector.

“It’s a golden age for cybersecurity, and I think the nature of threats facing enterprises is unprecedented,” Ives said. “We believe cybersecurity is going to comprise 10% of IT budgets over the next few years, from 5% today.”

Trouble brewing. The threat posed by attackers is only growing in an age dominated by AI-influenced phishing and deepfake techniques, Moore said. Social engineering has been behind multiple breaches in recent years, with adversaries accessing systems by way of human error and manipulation. As Axios reported in Sep. 2023, last year’s attacks on Caesars Entertainment in Las Vegas came after attackers breached a third-party vendor by using social engineering; an attack on MGM Resorts, which cost the company $100 million, at around the same time likely relied on a similar tactic.

Protecting against these kinds of attacks isn’t easy, Moore said, and IT teams need to be prepared to use “constant vigilant education and conversations with people” in order to deploy a “see something, say something mindset” when it comes to IT security.

“You just have to have a different mindset—that it’s going to happen and that you need to constantly be looking and questioning,” Moore said.

Make it count. For conversations with the top brass, IT teams need to make the case that the return on investment makes sense. It’s part of an overall cyber-secure strategy that focuses on prevention—a prophylactic approach to security that frontloads the cost and expense with a safety payoff that comes later.

“You need to take a fresh look at, ‘What am I doing? Am I getting the risk/return trade-off for those investments? And now that I have these new things I have to think about, if I have $1, where am I going to put it?’” Moore said. “I’m hopeful that organizations are doing that. As they think about investing in the new technologies and these new AI capabilities, we’re seeing clients embedding the cyber cost right up front with the entire effort—which I think is great.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

I
B