How to rebalance Cyber Security investment to mitigate and manage risk

I wasn’t surprised this morning to read that Cisco are to buy Cyber Security firm Sourcefire. What did surprise me was the price tag – $2.7 billion!

Cisco agreed to pay $76 per share, a 29% premium on Monday’s close. At 10 times Sourcefire’s 2012 sales, the deal carries a hefty price tag [Source: The Wall Street Journal].

The $2.7 billion tag reflects the boom in demand for cyber security expertise as companies and consumers become more aware of hacking threats.

According to The Wall Street Journal, venture-capital firms are pumping money into cyber security startups that do contracting work with the U.S. government, and some cyber security firms are considering an Initial Public Offering (IPO).

High valuations and investment in Cyber Security technology companies is nothing new:

  • In 2010, Intel Corp. bought security giant McAfee Inc. for $7.68 billion
  • In 2006 EMC Corp. purchased RSA Security Inc. for $2.1 billion.

So what’s the common factor that makes these high-value acquisitions so attractive?

Let’s take a quick look at what these companies do:

  • Sourcefire Inc. specialises in detecting malicious software slipped into computer networks,
  • McAfee Inc. are the world’s largest dedicated security technology company,
  • RSA Security Inc. were an identity and access management vendor at the time of acquisition.

All three companies supply Cyber Security TECHNOLOGY. Clearly this is where the big money’s at!

But is it proportionate to the Cyber Security challenge that all organisations face?

Considering that nearly half of the respondents of our recent Boardroom Cyber Watch Survey admit they don’t make the right level of investment in information security – or are unaware if their investment is appropriate – I’d be willing to bet (and I’m not a gambling man), that a lot of money is being spent disproportionately on technology solutions, and that not enough focus is put on the equally important ‘PEOPLE’ and ‘PROCESSES’ part of the problem.

This is no surprise given that less than a third of respondents believe an understanding of current security threats is a prerequisite for a board-level job candidate. What does worry me though, considering the unbalanced investment in technology solutions vs people and processes, is more than half of respondents believe the greatest threat to their company’s data and computer systems is their own employees!

How to rebalance Cyber Security investment to mitigate and manage risk

There’s no denying that organisations should spend money on the technical aspects of cyber security. But how you manage this technology (the processes you put in place), and the people that use or are responsible for maintaining this technology (policy/training etc) could be the difference between a Cyber SECURE or a Cyber INSECURE future!

Conducting a cyber-security risk assessment, for example, will help identify the gaps and provide a better understanding of which areas need to be addressed. When equipped with a detailed report, the board and senior managers can then make an informed decision on how to spend their budget.

And you may be surprised at the amount of money you could save through a better understanding of your technology requirements!

Make an enormous leap forward with this 3-step action plan:

  1. If you need expert external support to get out of the cyber risk zone, call 0845 070 1750 or email servicecentre@itgovernance.co.uk today to see how quickly we can get an experienced consultant to come and assess your exposures and take the first steps to a more cyber secure business future.
  2. Book onto the Managing Cyber Security Risk Training Course to gain the knowledge and practical skills necessary to develop and deploy effective cyber security risk management strategies, to protect your organisations in cyber space.
  3. Purchase the Cyber Security Governance & Risk Management Toolkit and consolidate five separate cyber-security approaches into a single, comprehensive, robust framework.

 And as an absolute minimum:

Purchase An Introduction to Hacking & Crimeware – A Pocket Guide. It’s of value to anyone with an interest in trends in computer hacking and computer security. It will be of particular value to anyone who needs a basic understanding of the area before hiring a computer security consultant … read this pocket guide and arm yourself with a basic knowledge of the threat and the steps you can take to defend yourself.