TMCnet News
IANS Research Identifies Obstacles in Enterprise Security Budgeting to Help CISOs Win the Battle of the Budget and Manage Risk
IANS officially released its latest findings on budget-related best practices for information security leaders to consistently command the budget and resources they need. The research report, Winning the Battle of the Budget, identifies key obstacles in enterprise security budgeting and provides methods and benchmarks used by successful InfoSec leaders to facilitate the budget discussion. The research outlines four key battlefronts and provides guidelines from some of the most successful, well-supported InfoSec leaders. Key findings reveal that regardless of size, maturity or corporate heft, the approach to security budgeting looks different in organizations that inherently value information security and those that do not.
"It's part of the CISO's job to transition from unsupported to being fully supported, but that can only be done when the stage has been properly set within an organization," said Doug Graham, chief security officer at Nuance Communications. "This research report from IANS goes beyond the numbers and uncovers some of the underlying and contributing factors that can help CISOs win the battle and set the stage for a stronger security posture within their organization."
To keep the research enterprise-focused, only responses from representatives of organizations with full-time CISOs and annual revenue higher than $500 million were included. Half of the enterprise CISOs surveyed (49 percent) have annual security budgets between $1 million and $5 million. One in four (25 percent) have between $6 million and $10 million to spend, while roughly the same number (22 percent) report budgets larger than $10 million. Most CISOs allocate the biggest budget share to people and technology, with 43 percent on people and 36 percent on technology. The remaining 21 percent include professional services, outsourcing and other budget items. Two-thirds of CISOs indicate that both headcount and operating expenditures are areas of budget growth to which the company is most sensitive.
The Fiscal Battle Zone
Despite promising numbers, however, executive decision-makers now want InfoSec costs inexorably linked to business value and return on investment. While some CISOs consistently command the budget and resources they need, others continue to struggle.
"Somewhat surprisingly, a number of Fortune-level companies with household names have CISOs who struggle to secure the appropriate levels of funding," said Phil Gardner, founder and CEO, IANS Research. "Although metrics are powerful, several CISOs expressed to us that when it comes to securing budget, it's more important to deliver a narrative that business leaders can understand. CISOs who can deliver a compelling narrative on how InfoSec powers the business will advance their objectives, increase their stature and win the battle of the budget."
Credibility, Trust and Influence
The difference between the two had little to do with company size or industry and more to do with an organization's culture and CISO selection process. The most Under-Supported CISOs responses include:
Meanwhile, corporate reporting lines keep these Under-Supported CISOs several steps removed from the organization's most influential leaders.
Supporting Resources:
About IANS:
View source version on businesswire.com: https://www.businesswire.com/news/home/20180411005699/en/