5 Reasons Why Information Security Departments Are Under-Resourced

By David Owen, director of strategy and marketing, BA

Everyone knows that the moment new technology is purchased, it doesn’t take long for it to become outdated. As technology in all aspects of our lives continues to develop at a startling pace, businesses feel the pressure to become as up-to-date as possible. One of the biggest concerns many companies have is keeping their data secure as technology grows around their capabilities.

Because of this, the information security departments of many companies are under-resourced, as the demand for cyber security support outstrips the organisation’s ability to provide the service.

David Owen, the director of strategy and marketing for Asia Pacific and Middle East, BAE Systems Applied Intelligence, cites five reasons information security is feeling the pressure.

1. Sensitive Information Is Proliferating Outside The Corporate Moat 
Increasing numbers of employees are using non-sanctioned applications like Dropbox on work devices. As company information proliferates across a myriad of major cloud providers, business process outsourcing services, IT service providers and data analytics consultancies, security departments struggle to govern and track all of these. 

2. Security Is A 'Contraceptive' Business Case 
There is an indirect relationship between investments in security and positive business outcomes like higher revenue, greater market share or reduced costs. Therefore companies are often unwilling to invest in threat management as a priority over other potential business investments. This leaves the security department under-prepared for preventing and detecting cyber threats. 

3. The 'Protect Everything' Mindset 
Many organisations spend the vast majority of their resources on baseline controls to protect the entire organisation (often at the perimeter), rather than pinpointing controls towards the specific systems and business processes that relate to sensitive information (which often straddle the perimeter into the supply chain). 

4. Hardening Regulation Adds Costs 
Governments and regulators constantly ratchet up regulation, and this regulation is sometimes wide-ranging in its impact. Yet security teams are often expected to accommodate the cost of new regulation within an existing budget baseline rather than assessing the true incremental cost of adoption. This can result in a focus on compliance over risk management.

5. Cyber Security Isn't Owned By The Wider Business
In many organisations the prevailing view is that users should be able to just turn up at their computer without considering security. This mindset ignores the fact that an increased proportion of sophisticated security threats focus on persuading the user to take an active role in the compromise, and that staff, managers and leaders all own the problem. 

