As businesses battle the severe economic downturn due to the COVID-19 crisis, there is an expectation that CxOs will focus on prudent cost management. CISOs have already started thinking on these lines and identified discretionary spend that can be rationalized. They are currently balancing between reducing costs and positioning for recovery and future growth.
How CISOs can drive cost optimization in the new normal
CISOs can look at a range or methods to release funds for current and future needs (See Figure 1). By applying a combination of measures, one can unblock the potential use cases needing attention:
1) Business ‘line of sight’: Realign to the shift in business priorities by capturing revised Business & IT directives into a capability map. Undertake a broad-based view of cybersecurity capabilities and the present and planned cost models.
Figure 1: Strategies for cost optimization
2) Drive simplification: The present situation provides the best opportunity to organize simplification drives across business.
3) Improve productivity: The CISO organization, while being largely understaffed, has multiple activities and responsibilities that could be optimized through process streamlining and re-organizing working methods. Assurance, Operations, Service-Delivery are domains that can be prioritized.
4) Exercise flexibility with partners: While current service contracts are multi-year or due for renewals, CISOs can tap into the flexibility built into these constructs and adapt to change in demands. Close to 20% reduction in costs can be exercised by exploring options that can allow operations at planned volumes. Reducing service levels, decommissioning low usage systems, limiting capacity of some environments, and right-sourcing using a global delivery model can be explored with partners.
5) Hyper-accelerate cloud journeys: CISO functions, while being the enabler for IT cloud initiatives, could use some of the cloud-specific cost attributes themselves. A quick assessment of current service characteristics from a ‘cloud-readiness attribute’ should deliver a view of controls and services that can leverage cloud-specific consumption models. Re-platforming and retooling may not deliver immediate cost benefits, but it is a step in the right direction.
Focus should be towards a detailed execution plan and a clear view of the savings that is to be unlocked (See Figure 2). The execution team should also be empowered with quick decision-making and resources.
Figure 2: A plan to unlock savings
Investing for a cyber-resilient future
CISOs also have an interesting opportunity at hand. While it must contribute to overall cost savings, it must establish Cyber-Resilience as an important context for business/board support.
The savings, if invested into cyber resilience initiatives, will prepare the enterprise for the new normal. The newer business imperatives and need to drive revenues, in most industries, is a shift to Digital and the channels it offers.
CISOs’ priorities for investments are:
Balancing cost reduction while re-organizing investments for business priorities is the new normal for CISO offices while taking their functions to the next normal.
Sr. Partner – Consulting & Advisory, Wipro
Rajesh represents Consulting & Advisory at Wipro and works from the London office. He has over 2 decades of experience in Risk Management & Cybersecurity advisory, and has worked with clients across multiple continents.
Email: firstname.lastname@example.org or email@example.com