{"id":22505,"date":"2020-12-16T10:47:10","date_gmt":"2020-12-16T10:47:10","guid":{"rendered":"https:\/\/www.experfy.com\/blog\/budgeting-cyber-security-post-covid-3-golden-rules-c-suite\/"},"modified":"2023-09-21T16:50:44","modified_gmt":"2023-09-21T16:50:44","slug":"budgeting-cyber-security-post-covid-3-golden-rules-c-suite","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/future-of-work\/budgeting-cyber-security-post-covid-3-golden-rules-c-suite\/","title":{"rendered":"Budgeting for Cyber Security post-COVID: Three Golden Rules for the C-Suite"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

This is not just about tech, and there is no tech silver bullet which can buy you cyber resilience<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The COVID crisis is presenting most businesses with unprecedented situations \u2013 for good, bad or worse. Uncertainty still dominates but the recession ahead is likely to be deep and could be protracted. Millions of people have already lost their jobs across the world, and many organisations are bracing for further significant spending cuts, in the face of a dwindling economic activity. Even in thriving sectors, budgetary caution seems to be the norm amongst C-level executives.<\/p>\n\n

One thing the pandemic has not pushed off the radar<\/a>, is cyber security. As a matter of fact, the volume of cyber-attacks increased to \u201calarming levels<\/a>\u201d according to Interpol during the heart of the crisis. For businesses now totally dependent on remote working, e-commerce or digital supply chains, a serious security breach is the last thing they want\u2026<\/p>\n\n

CEOs, CFOs and CIOs <\/a>should not jump to ready-made conclusions around cyber security ahead of their next budgeting round. Here are three golden rules for them to consider as they plan ahead.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

 Think carefully before making drastic arbitrary cuts around cyber security<\/p><\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Consider carefully and without complacency your actual level of cyber security maturity, and the level of digital dependency the COVID crisis has brought upon you.<\/p>\n\n

Look at the bigger picture: Only serious defence-in-depth can guarantee you a degree of cyber resilience. That means the actual application of protective measures at preventative, detective, mitigative and reactive levels. Doing pen tests every now and then and sending awareness emails to the staff twice a year \u2013 while probably better than not doing anything at all \u2013 does not constitute a security practice.<\/p>\n\n

Do not ignore your degree of dependency on third-party business partners or cloud service providers, and the implied degree of trust you are placing on the solidity of THEIR cyber defences. How much do you really know of what they are actually doing to protect your data or your processes?<\/p>\n\n

If you don\u2019t think you are in a good place on those matters, now is not the time to cut cyber security spending to the ground.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

 Focus budgeting on the protection of key assets<\/p><\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Equally, now is not the time to try to solve all the problems you may have around cyber security: You need to identify your key assets and focus efforts on those, whatever they might be: Systems, business processes, business units or geographies.<\/p>\n\n

Focus on clear, simple, tangible, affordable and measurable tasks with a short to mid-term horizon. Now is not the time to engage in multi-year projects, which the general economic uncertainty is likely to affect or kill.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Focus budgeting on areas where you know you can execute<\/p><\/blockquote>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Finally, now is not the time for large-scale and complex pet-projects: Ignore the sirens from the tech industry \u2013 there are countless vendors out there with their own \u201csilver bullet\u201d to solve all your problems \u2013 and focus on areas where you have the skills to deliver and know you can execute: It\u2019s only the actual implementation of protective measures, across the real breadth and depth of the enterprise, which will protect your business. Not snake oil and false promises.<\/p>\n\n

And limit the complexity of what you are trying to achieve to a level your teams can manage and absorb. Consider carefully the dependencies between the security tasks you are undertaking and the cross-silos implications amongst stakeholders: You may need the involvement of HR, legal, procurement or business executives depending on what you are trying to achieve (for example around identity management, or data privacy compliance). Make sure the priorities are clear for them too.<\/p>\n\n

Fundamentally, remember: This is not just about tech, and there is no tech silver bullet which can buy you cyber resilience \u2013 irrespective of what countless vendors would like you to believe. It can only come through concerted action<\/a> at people, process and technology levels, and the real execution of protective measures.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

CEOs, CFOs and CIOs should not jump to ready-made conclusions around cyber security ahead of their next budgeting round. Here are three golden rules for them to consider as they plan ahead.<\/p>\n","protected":false},"author":529,"featured_media":18179,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[182],"tags":[1132,462,213],"ppma_author":[3178],"class_list":["post-22505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-future-of-work","tag-budgeting","tag-cyber-security","tag-post-covid-19"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201cCyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0The Digital Transformation People<\/a>,\u00a0Business 2 Community<\/a>, and\u00a0IoTforAll<\/a>\u00a0platforms, as well as the\u00a0Business Transformation Network<\/a>. He is an expert contributor on the\u00a0CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0InfoSecurity<\/a>\u00a0Magazine, \u00a0Computing<\/a>, the C-Suite.co.uk,\u00a0Info Sec Buzz<\/a>\u00a0and the\u00a0IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=22505"}],"version-history":[{"count":4,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22505\/revisions"}],"predecessor-version":[{"id":33073,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/22505\/revisions\/33073"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/18179"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=22505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=22505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=22505"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=22505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}