View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Dire investment choices holding back cybersecurity success

You might be investing, but are you investing in mistakes?


IT practitioners are not considering a wide enough range of factors when investing in cybersecurity.

Business objectives were found to be most influential in choosing a specific technology, cited by 73 percent of respondents. Security risk took a close second with 68 percent of respondents, while only 45 percent cited compliance with regulations.

In addition, 64 percent of respondents claimed cost and 56 percent performance and vendor support were the most important factors when investing in security technologies.

Interoperability, proven risk reduction and lack of complexity were not considered as important, with only 39 percent, 11 percent and 8 percent citing them respectively.

Seventy percent of respondents said it was difficult to calculate an accurate return on investment (ROI) for a given security technology, despite

70 percent of survey respondents believing it was a critical metric for investment, alongside total cost of ownership (TCO). Sixty-one percent also claimed the same of TCO calculations.

Some 15 percent of respondents said that their organisations did not use ROI or TCO at all. Of these, 56 percent used improvements in efficiency and 50 percent used reduction in downtime as ways to determine a technology’s viability.

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

The research suggested practitioners were making mistakes with their choices, with 90 percent of survey respondents saying that their organisation had invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment.

31 percent of security technologies purchased over the past 24 months by organisations surveyed were never fully deployed.

"As cyber threats increase, it is troubling to see so many cybersecurity tools purchased by organisations end up as shelfware," said Greg Boison, director of Homeland & Cybersecurity at Lockheed Martin.

Boison added: "When cyber dollars are scarce, organisations should not only evaluate which tools their enterprise needs, but whether they have the internal and external resources to deploy, maintain and leverage them."

The research polled 618 U.S.-based senior IT practitioners from a variety of sectors, including financial services, the federal government, healthcare, utilities, energy, and pharmaceuticals.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy