Page 49 - Cyber Defense eMagazine January 2024
P. 49
How does shifting from a reactive approach to an outcome-based security approach enhance an
organisation's security posture?
Organisations are finding it increasingly tough to manage cyber threats. According to a study
by Forrester, commissioned by WithSecure, 75% of organisations have placed cyber security on their
priority list, influenced by a combination of global events, digital transformation and tightening regulations.
However, adversaries constantly evolve their methods, catching many off-guard.
Even with budget hikes, 90% of global IT decision-makers are in a constant scramble to counteract these
ongoing threats. Many companies are on the defensive, reacting to threats as they come. The study
found that 60% of companies operate in this 'fire-fighting' mode, leading to a mismatch in team efforts,
processes, and tech tools.
One way to get beyond this cycle is by embracing an outcome-based approach to security, which
provides a clear direction for cyber security measures. This emphasises the outcome of cyber strategies,
rather than security activity itself. Also known as ‘servitisation’, the outcome-based approach has been
around for many years in fields like manufacturing. But with cyber security being a relatively young
industry, it’s a new concept in this field.
The idea is to seamlessly weave cyber security into the business fabric, positioning it as an enabler
through which organisations can achieve their strategic objectives. Companies are turning to an outcome-
driven cyber security strategy to enhance business results, bolster resilience, and elevate productivity
and competitiveness, all while safeguarding their operations.
It's a strategy that places the focus on tangible outcomes a strategy which not only helps in fending off
unforeseen challenges but also positions cyber security as a catalyst for business growth.
How does proactively prioritising and safeguarding critical business assets lead to a higher ROI?
Imagine driving with an outdated map and suddenly finding infrastructural advancements that have left
you feeling lost. Transitioning to an outcome-based security model is much like changing your navigation
method from traditional maps to modern GPS. The starting point is to establish clear goals that resonate
with business ambitions, such as enhancing risk management, optimising customer experience, or
strengthening operational agility. One useful approach here is the ‘security canvas’, mapping out key
initiatives, resources, and costs, and balancing them against opportunities, risks, and business outcomes.
As Forrester outlines, outcome-based security is all about harnessing capabilities that help to achieve
these set objectives. This means that your risk management plans need to be in harmony with these
organisational aims. It's not just about building walls but strategically placing watchtowers to see and
counter potential threats.
Most importantly, this transformation calls for a fresh viewpoint. Instead of seeing cyber security as a cost
centre, businesses should recognise its potential as a key driver of growth, helping the organisation
achieve key objectives such as securely rolling out new services or helping teams collaborate safely. By
Cyber Defense eMagazine – January 2024 Edition 49
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
