Why aren’t organizations investing enough in cybersecurity?

Michael Michie (left), CISO, moderating a security resilience session at the CIO100 Symposium

Although hacking has continued to cause damage online since the invention of the Internet, to organizations especially, a number of corporate firms are yet to invest in cyber resilience to contain potential breaches.

In an insightful panel session at the CIO100 Symposium organized by CIO East Africa, Anna Collard, managing director of Popcorn Training, a KnowBe4 Company; Aprielle Oichoe, managing director of Infosphere; Cas Liddle; and Ross Addis, moderated by Michael Michie, M-Oriental Bank CISO, noted that organizations have no shortcut but to invest in cyber resilience.

In the well-attended breakout session, the panelists, moderated by an end user, were asked the tough questions: why organisations hardly invest enough in cybersecurity, and how organisations shoot themselves in the foot with nimble cybersecurity strategies that focus on purchasing for the sake of cybersecurity.

To start, the panel had to address the price differential between exploits, malware and the solutions they offer. Research and development plays a part in the pricing, as does the business end of these organisations, considering that they have to make money.

Although not all the blame can go to the high prices of these next-gen technologies, it came out during the panel that end users should not invest in cybersecurity solutions by a checklist technique. It emerged that some end users rush through a cybersecurity strategy and move quickly to purchase all the solutions without understanding how to get the best out of the strategy or the value of security by design.

The fear factor came up as a tool used by vendors to push up the cost of cybersecurity solutions, especially in the wake of rampant breaches. Poor understanding and implementation of cybersecurity solutions harms return on investment and makes it more difficult, if not impossible, for organisations to reinvest further in cybersecurity.

A false sense of security was also noted as a factor in the lack of investment, coupled with a lack of understanding of cybersecurity or not having the right personnel for the job.

Equally discussed were the minimum requirements an organization should have in order to adequately manage cybersecurity risk. No exact figure was arrived at, but it was well noted that risk management and the value of the assets to be protected should be used to set a minimum baseline that organisations can then grow from.

The role of regulation in cybersecurity and how it affects spend was also discussed: is there value in regulation-driven cybersecurity agendas, or does it make cybersecurity too expensive?

The panellists summed up the session with closing remarks that focused on improving strategy and governance, and on proper implementation for proper ROI.

Just after moderating this session, Mr. Michie took a quick poll from the audience on the responsibility for cybersecurity, ending the session on the need to focus on security by design, and further reflected on what various members in organizations can do to enhance cybersecurity. Of importance in this regard was how organisations can manage the challenge of investing in cybersecurity, reduce the costs and ultimately better the return on investment.

