Blogs & Opinions 08.06.2023

Four Considerations for CISOs Making Security Investment Decisions

Ellen Sundra considers benchmarking, connectivity, scaling and automation.

With a rapidly evolving threat landscape and reduced budgets creating a match made in hell, Ellen Sundra maps out four considerations CISOs need to keep in mind when making cybersecurity investment decisions.

For years, organisations didn’t understand the importance of visibility when securing their IT networks. In fact, until 2020, the average business only saw 30% of what was occurring internally, according to McKinsey. However, recent cyber attacks on the likes of the NHS, GoDaddy, Uber and SolarWinds have brought the repercussions of neglecting network visibility into sharp focus.

In the year that followed January 2022, the financial damage caused by cyber crime amounted to £4 billion. These incidents have highlighted network visibility as a key focus within an organisation. Like dominoes falling, each attack triggers other businesses to assess whether their existing internal and external security processes are enough.

As organisations discover and unearth their vulnerabilities, many perceive themselves as well-equipped to mitigate them. But they aren’t. This realisation has forced conversations around security to drastically shift from ‘What do we need to look for?’ to ‘How do we respond?’.

Combined with an evolving threat landscape, this has presented CISOs with a whack-a-mole security dilemma. As they tackle one vulnerability, another appears in a different area of the organisation. As a result, CISOs find themselves at an involuntary standstill, grappling with the challenge of maintaining impenetrable networks amidst budget cuts and reduced staffing levels.

Here are the key factors that CISOs should consider when balancing risk mitigation with security investment decisions:

1: Benchmarking

Identifying a vulnerability is only half the battle. Now that CISOs have access to vast amounts of data, benchmarking is the next step in creating a tangible and effective investment portfolio. As part of this stage, CISOs should ask themselves, ‘How is security success defined in the business?’ CISOs can’t prove the need for a specific budget without criteria or assessment of the existing processes.

In light of this, CISOs should perform a comparison against similar organisations in their industry to gain an understanding of the benchmark. Establishing a comprehensive investment plan is a fundamental starting point that confirms to shareholders how the security portfolio will operate, alongside the associated risk and return potential.

2: Enhanced connectivity

Given tightening budgets, most CISOs do not want to overhaul their entire IT network to address the increasing threat landscape. Instead, they rely on the best practice of network segmentation, a functionality included in many existing networking tools. Network segmentation is a tried and tested security principle as it prevents cyber criminals that have infiltrated an organisation from moving laterally between networks.

When embarking on a segmentation project, starting with an overarching view of all the traffic flows across the network is critical. This will help baseline critical flows and identify unnecessary engagement between devices that do not require communication to function. In addition, establishing rules and limiting non-critical communication will significantly decrease the risk of a breach and limit the propagation if one does occur.
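The baseline-then-restrict approach described in this step, as an added example that is not from the article or from Forescout: constructed flow records are bucketed by network segment to form a baseline, and any segment-to-segment flow that no current segmentation rule permits is listed for review. The segment ranges, rules and flow lines are all hypothetical.

```python
import ipaddress
from collections import Counter

# Hypothetical segment map: which address range belongs to which segment.
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "ot": ipaddress.ip_network("10.30.0.0/16"),
}

# Hypothetical starting rules: (source segment, destination segment, port).
ALLOWED = {
    ("users", "servers", 443),
    ("servers", "servers", 5432),
}

# Constructed sample flow records, one "src,dst,dst_port" per line
# (the shape a flow exporter or firewall log would give you).
SAMPLE_FLOWS = """\
10.10.1.5,10.20.0.10,443
10.10.1.5,10.20.0.10,443
10.10.1.7,10.20.0.10,443
10.20.0.10,10.20.0.11,5432
10.10.1.9,10.30.0.3,502
10.10.1.9,10.30.0.3,502
10.20.0.12,10.10.1.5,445
"""


def segment_of(ip):
    """Map an address to its segment name; anything unmapped is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def baseline(flow_text):
    """Count observed flows per (src segment, dst segment, port)."""
    counts = Counter()
    for line in flow_text.strip().splitlines():
        src, dst, port = line.split(",")
        counts[(segment_of(src), segment_of(dst), int(port))] += 1
    return counts


def unsanctioned(counts, allowed=ALLOWED):
    """Baseline flows no rule permits, most frequent first: each one is a
    decision for the team, either add a rule or block the path."""
    return sorted(((k, n) for k, n in counts.items() if k not in allowed),
                  key=lambda kv: -kv[1])
```

Run `unsanctioned(baseline(SAMPLE_FLOWS))` to see the two cross-segment paths (users to OT on 502, servers to users on 445) that the starting rules do not cover.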

3: Scaling up

Most organisations have braced themselves for a financial downturn. For some, this has meant migrating to the cloud. A key benefit of the cloud is its ability to quickly scale up and down to match business needs without requiring expensive software or hardware upgrades. However, it is not without its vulnerabilities.

Security is a paramount concern for technologies that store and share data in the cloud. Attacks on institutions such as Capita and the HSE have highlighted organisations that handle vast amounts of data as prime targets. As a result, CISOs considering a move to the cloud should first evaluate applications and data to determine those ideal for migrating, which could potentially increase productivity without introducing additional risk. For CISOs, it’s important to have a clear strategy of what will move to the cloud and how it will be secured.

4: Act on automation

CISOs need a security solution that acts immediately to combat threats occurring in real time. With an estimated global shortage of 3.4 million cybersecurity professionals (according to (ISC)²), CISOs should consider a security solution that provides flexible support to existing teams and reinforces vulnerable areas without supervision.

Although CISOs know the significant role automation can play in threat detection and resolution, there remains a degree of apprehension. This hesitation stems from the fact that past automation failures have often been attributed to organisations lacking confidence in their ability to identify the devices on their network.

Despite this, security automation can take on repetitive, data-driven tasks and immediately respond to network attacks and breaches. This, in turn, allows teams to focus on tasks that require human intervention. Combining automation with increased network connectivity enables CISOs to establish a flexible security process. This is because an overarching solution can process a network’s data in real time and respond accordingly.


The amalgamation of a continually evolving threat landscape and tirelessly persistent threat actors has pushed network visibility to the top of the priority list when making security investment decisions. Previously, CISOs and their organisations did not have the data needed to guarantee this visibility. Now they do.

As discussions transition from ‘Where are the vulnerabilities?’ to ‘How do we resolve them?’, the expectation for CISOs to create impenetrable networks remains. As CISOs look to balance this expectation with budget and staffing cuts, honing a security investment plan that incorporates tangible benchmarks, enhanced network connectivity, techniques for eased scalability and methods for embracing automation is imperative.

Ellen is the chief customer officer at Forescout. She has over 25 years of experience in the cybersecurity industry and was recently named one of the top 25 women in cyber by Cyber Defense Magazine. Before joining Forescout, Ellen worked as a network architect and security advisor with iPass, UUNet and WorldCom. She also holds a BA in computer science from Rollins College and is a Certified Information Systems Security Professional (CISSP).
