NIS2: What to do with your budget
NIS2 - What to do with your budget
For medium to large companies, CISOs or IT managers have the important task of effectively allocating their cybersecurity budgets. From our experience, we know that most security managers (unfortunately) are allocated a limited budget and so it is always a challenge to spend these euros (or dollars) as efficiently as possible.
Average spending of larger organizations is 3% to 10% of total turnover on cybersecurity measures
We are therefore regularly asked how we at DeepBlue would divide our imaginary budgets. So with a view to the new NIS2 regulations, an overview below so that you can optimize and diversify your budget, with the emphasis on strategic allocation to areas that maximize defensive capacity and resilience.
When planning your budget, consider the following as essential investments rather than costs. A well-thought-out cybersecurity budget is an investment in the continuity, reputation, and future success of your organization.
Understand your risk landscape (risk assessment)
The first step in allocating budgets is to conduct a thorough risk assessment. By gaining insight into the specific threats your organization faces, from data breaches and ransomware attacks to insider threats and supply chain vulnerabilities, you can prioritize spending on defense measures that mitigate your most critical risks. This risk-based approach ensures that investments are aligned with the organization's unique threat landscape, regulatory requirements, and business objectives.
Prioritize security hygiene
We know from experience that good basic security hygiene can prevent a significant number of attacks. Make sure that part of your budget is spent on maintaining and improving fundamental security practices, such as patch management, access controls, and network segmentation. Automating these processes where possible can increase efficiency and reduce the risk of human error. These improvements are a very cost-effective way to significantly reduce the likelihood of an event.
Ensure reliable backups
Robust backups are crucial for business continuity, minimizing data loss, and quickly recovering from cyberattacks, such as ransomware. Efficient backup management includes: implementing a 3-2-1 strategy (three copies of data, on two different media, one of which is off-site), encrypting backup data to prevent unauthorized access, and regularly testing whether the setup is still functional. By implementing a good backup strategy, you can be sure that critical data is protected against various threats and downtime is minimized in the event of an outage. This approach is therefore essential for operational resilience and compliance.
Improve detection and response capabilities
The reality is, unfortunately, not whether an attack will take place, but when. Early detection is essential. Investing in detection and response tools and services, such as Security Information and Event Management (SIEM) systems, Endpoint Detection and Response (EDR) solutions, and Managed Detection and Response (MDR) services, can significantly reduce the impact of a breach. These tools provide real-time monitoring and analysis of security alerts generated by applications and network hardware, allowing irregularities to be identified and addressed more quickly.
Cloud security
Data and applications are increasingly being hosted outside the corporate network. Due to several aspects, this is of course a nice development. Just keep in mind that the threat of cyberattacks moves along to the Cloud where a wealth of information lies. A robust Cloud security strategy is therefore not only important for protection against data leaks and unauthorized access, but also guarantees the integrity and availability of your business-critical information. Start by implementing strong identity and access management, encryption of sensitive data, and continuous monitoring and response to threats. These measures, combined with regular security audits and compliance with standards such as ISO 27001, form the basis for effective security of your Cloud environment.
Invest in talent and training
One of the most effective ways to strengthen your cybersecurity posture is to invest in your team. Trained cybersecurity professionals are your first line of defense against threats. Allocate budget for ongoing training and certifications to keep your team's skills sharp in the face of evolving threats. In addition, consider investing in cybersecurity awareness training for all employees, as human error remains a very important cause of security incidents.
If you unexpectedly do not have a budget for the above, we are happy to be your security team and are always ready to assist you, regardless of your question.
Allocation for emerging technologies
Emerging technologies such as artificial intelligence (AI) and machine learning (ML) are becoming an integral part of proactively identifying and responding to cyber threats. By allocating part of your budget to these technologies, you can improve your security posture by enabling predictive analytics and automating threat detection and response processes.
Focus on compliance and data protection
Regulatory compliance and data protection should not be overlooked. Allocate budget to ensure that your organization complies with relevant regulations, such as GDPR, CCPA, or HIPAA. This includes investments in data encryption, data loss prevention (DLP) technologies, and regular audits.
Continuous improvement through Red Teaming and Penetration Testing
Regularly testing your defenses through Red Team exercises and penetration testing is crucial to identifying vulnerabilities before attackers do. Allocate budget for these activities to continuously improve your security measures and response plans based on real-world attack simulations
Cost
The potential costs associated with a serious attack are diverse and can vary considerably depending on the sector, the size of your organization, and the duration of the disruption. It is therefore a good idea to consider what the costs for your organization could be in the event of an attack. Below is an overview of potential cost items:
- Restoration costs: costs for hiring external cybersecurity experts for incident response and forensic investigation
- Loss of turnover: During and after the attack, business operations can be disrupted, resulting in direct loss of turnover.
- Fines and legal costs: Depending on the nature of the data breach and the geographical location of the company, fines can be imposed by regulatory authorities. In addition, there may be legal costs due to lawsuits from affected customers or partners.
- Crisis communication costs: Managing communication with customers, partners and the public is crucial. This may involve hiring PR agencies, setting up call centres for customer support, and providing identity protection to affected customers.
- Increased insurance premiums: After a serious cyber attack, the premiums for cyber insurance can increase significantly, which increases the operational costs in the long term.
- Reputational damage: Although difficult to express in hard figures, reputational damage can lead to loss of customer confidence, reduced attractiveness for potential new customers and talent.
- Operational disruption: Costs for the temporary use of alternative processes or systems, loss of productivity, and possibly the payment of overtime to restore business operations.
The total cost of a serious cyber attack can therefore range from hundreds of thousands to millions of euros, depending on the specific circumstances and the effectiveness of the response to the attack.
The strategic allocation of the cybersecurity budget is crucial for protecting the organization's assets against an ever-changing environment. By understanding your scope well, investing in your team, prioritizing fundamental security practices and keeping pace with emerging technologies, you can create a resilient cybersecurity position. Remember that the goal is to set up a cybersecurity program that is not only reactive but also proactive and capable of anticipating and mitigating threats before they become reality.
For advice or more information, we invite you to contact us at:
Contact: +31 (0)70-800 2025
Or read more at: DeepBlue Security & Intelligence