Think You're Spending Enough on Security?

While the amount will vary from organization to organization, here are four ways for everyone to evaluate whether they're allocating the right amount of money and resources.




Figures run the gamut as to how much organizations are spending on security. For example, at the end of last year (and pre-COVID-19), Gartner reported average spending on cybersecurity was 5% to 8% of overall technology budgets. Meanwhile, a more recent CIO survey of 683 IT executives worldwide places that statistic at 15%, on average, though 23% of the execs indicated they were spending 20% or more of their IT budgets on security.


So how much is enough? And what's the best way to evaluate whether you are allocating the right amount of money and resources toward security and risk mitigation?


"Is there a magic dollar amount every team should spend? No, but there is definitely a number that isn't acceptable, and that is zero," says Aaron Zander, head of IT at HackerOne.


Hack Yourself Secure

Of course, one effective way to at least identify holes and find places for improvement and investment is to test yourself.


Oliver Tavakoli, CTO at Vectra, suggests challenging your organization with pen testing and evaluating results as a way to measure whether security spend is where it should be.


"You know you're not secure enough when at least 50% of the time you cannot root-cause security incidents," he explains. "You know you're not secure enough when roughly the same attack succeeds multiple times."


Good, quantifiable threat behavior dat ..
