Cybersecurity Under Pressure: The Need to Justify Every Dollar
In today's economic climate, every cybersecurity investment is under scrutiny. Security leaders are being challenged to demonstrate tangible value for each dollar spent, even as cyber threats escalate. Often perceived as a cost center, enterprise cybersecurity is facing increasing pressure to do more with less (see Figure 1).
And while companies are struggling with limited staff and budget, the threat landscape continues to evolve. High-profile incidents – like the ransomware attack on British retailer M&S, which caused an estimated £300 million (~$403 million) loss in operating profit – underline the risk of gaps in security posture. In many cases, the root cause isn’t the sophistication of attackers, but an organization’s outdated, manual and siloed processes that delay detection and response.
Beyond financial losses, such breaches lead to reputational damage, months-long technical disruptions and regulatory scrutiny. The implications extend far beyond IT. They affect every part of the business.
CISOs must proactively streamline security operations. That means moving fast but also moving smart. The key lies in automation, improved processes and cross-departmental coordination – not just to keep pace with attackers, but to stay ahead of them.
To tackle these challenges, enterprises need to embrace two main approaches: a high-level strategy assessment followed by the optimization of security processes.
Transforming Cybersecurity: Strategic Assessment as the Catalyst
Faced with these pressures, organizations must focus on switching the CISO department from a cost center to a value creator. To start, an organization needs a holistic view of the CISO organization. An assessment should focus on several key dimensions that provide a better understanding of the CISO organization’s performance and readiness. These dimensions must be tailored to the company and their current challenges, market dynamics and the sector.
Common dimensions, which we will outline in detail below, include the mission, services, processes, organization and governance, plus people, leadership and skills (see Figure 2).
Figure 2: Common Dimensions for CISO Assessment
The five dimensions include:
Mission: Evaluate how well the CISO organization's mission aligns with overall business goals and cybersecurity needs. Every team member should understand and contribute to that mission.
Services: Assess the full range of cybersecurity services, including technical and advisory support to other departments, focusing on scope, efficiency and integration across the organization.
Processes: Ensure cybersecurity processes are efficient, adaptable and well-integrated across departments. Streamlined processes reduce overhead and improve response times.
Organization and Governance: Review how clearly roles, responsibilities and governance structures are defined and aligned with compliance requirements. Effective governance ensures accountability and drives coordinated cybersecurity efforts.
People, Leadership and Skills: Examine whether the CISO team has the right mix of expertise, leadership and skills to meet evolving threats. Early identification of skill gaps is key to staying ahead.
Organizations can use statements like the following to evaluate each of the five dimensions:
Requirements of the CISO department are easily understood by the non-security departments.
The existing organizational structure efficiently and effectively supports the execution of information security processes.
The software (tools) used in the CISO department supports CISO services and processes.
The CISO organizational structure supports the efficient and effective fulfilment of the CISO mission.
The assessment should include a structured evaluation form and questionnaire incorporating a maturity rating system for quantitative analysis and measurable insights into each dimension. The assessment should also include a comment section for qualitative analysis so the organization can get a more comprehensive understanding of its strengths and areas for improvement.
Such a structured assessment will serve as a foundation for conducting in-depth interviews both within and outside of the CISO organization. Engaging external stakeholders is vital as it allows for an evaluation of potential discrepancies between the CISO team’s self-assessment and the perceptions of other departments that rely on their services.
It’s important to analyze the collected data objectively to accurately identify critical pain points. This approach ensures a balanced view, taking into account both the perspective of the CISO team and those of other departments. Importantly, this kind of assessment shouldn’t be conducted in a vacuum. Applying industry best practices and benchmarking the results against the market helps to identify practical improvements that enhance security posture – enabling organizations to achieve more with fewer resources.
But what do you do if the results show that your security processes are not working as seamlessly and efficiently as needed to protect your valuable assets? This is where value stream mapping comes in.
Visualizing Efficiency: How Value Stream Mapping Clears the Roadblocks
Picture your cybersecurity operations as a busy highway. When processes are poorly documented or siloed, work can pile up like a traffic jam – slowdowns, bottlenecks and frustrated travellers at every turn. Value stream mapping (VSM) is the approach that clears this congestion. By visualizing the processes from start to finish, VSM helps identify exactly where the "accidents" and bottlenecks are and shows how to get things moving smoothly again.
VSM serves multiple purposes:
Highlights strategic improvement: Helps identify key areas for improvement, setting the stage for targeted enhancements.
Provides a tool for change management: Can be used as a tool that provides a clear framework for initiating and managing change within the organization.
Visualizes processes: Offers a holistic view of work and information flow, helping all stakeholders understand the broader impact of each step.
To accurately prioritize which processes need attention, an assessment questionnaire can be an invaluable tool – in the same way traffic data helps uncover congested roads and intersections. Such a questionnaire should rate each process via a range of targeted questions, allowing both the CISO team and involved departments to provide structured feedback. Using a quantitative scale, the assessment can reveal critical insights into each process’s efficiency and effectiveness. Key issues to consider include roles and responsibilities, handover points, length of process and waiting times.
Once high-priority processes are identified, the next step is to apply the VSM methodology. This involves a structured series of steps aimed at reshaping processes for efficiency and effectiveness:
This process should ideally be conducted through on-site workshops involving all relevant stakeholders. A collaborative workshop format allows for diverse perspectives, ensuring no step is overlooked. The result is a lean, efficient and well-documented process that aligns with both organizational needs and cybersecurity best practices.
Additionally, this approach allows for the insertion of new technologies like the use of artificial intelligence (AI) within cybersecurity applications and processes. The implementation of the right AI use-cases can help the security team improve response times and focus on the most critical incidents.
Building a Stronger, More Efficient CISO Organization
Cybersecurity isn’t just a technical challenge – it’s an organizational one. A systematic assessment provides organizations the insights they need to streamline operations, eliminate inefficiencies, save costs and foster a more agile cybersecurity team.
Benchmarking these findings against industry best practices – considering factors like CISO organizational structure and average expenditure per division – offers valuable context and allows organizations to refine their approach further. This external lens provides clarity and enables more detailed insights into areas where the CISO organization is lagging behind.
And the stakes couldn’t be higher. The M&S ransomware attack, which caused hundreds of millions in losses, demonstrates the consequences that inefficient processes and delayed response times can have.
According to a study conducted on behalf of ServiceNow:
60% of breach victims said they were breached due to an unpatched known vulnerability where the patch was not applied
52% of respondents say their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes
These aren’t just numbers – they’re red flags. In an era where a single missed patch can open the floodgates, manual workflows and slow processes are liabilities.
The average cost of a data breach is estimated at £3.8 million (~$4.9 million). Efficient processes, including fast patch cycles, automated responses and streamlined governance could mean the difference between a contained incident and a full-scale crisis.
Ready to Transform? Take the Next Step
Today’s CISOs are expected to do more than protect – they must prove value, drive efficiency and enable resilience. ISG’s expertise in cybersecurity, combined with benchmarking insights, empowers organizations to transform their CISO organization from a reactive to a results-driven model.
Let’s talk about how your CISO organization can become leaner, sharper and ready for what’s next.