KPMG: Cyber cost optimisation strategy crucial during a crisis

KUCHING: Cyber cost optimisation strategy is crucial during a crisis, KPMG in Malaysia highlights, noting that companies should revisit their overall cost efficiency and bolster funds towards cybersecurity as an essential part of their digital transformation plan.

The economic uncertainty amidst the current pandemic has resulted in mounting pressures for organisations to contain costs.

These budgetary concerns also apply towards cybersecurity spending, where there is often a tendency to cut from technology investments despite the ever-present threat of cybersecurity breaches.

According to KPMG Malaysia, companies should instead revisit their overall cost efficiency and bolster funds towards cybersecurity as an essential part of their digital transformation plan.

It is not about investing in the latest technology, but rather to strategically focus investments in developing a robust cyber defense capability.

“Achieving cost efficiency while maintaining robust cybersecurity controls is a complex task at the best of times, and even more so in the middle of a pandemic,” KPMG’s Cyber head Jaco Benadie observed.

“While organisations significantly increased their investments into digital adoption last year to cope with the new normal, cybersecurity tend to be relegated as an afterthought in favour of enabling customer engagement online and improving employee mobility.”

It was observed that a total of 10,790 incidents were reported to CyberSecurity Malaysia during 2020.

A worrying global trend, including Malaysia, is the increase in ransomware attacks with the Financial Times reporting that cybercriminals profited more than US$350 million in 2020, a 311 per cent increase from 2019.

Citing a recent incident in January where a hacktivist group had threatened to hack government websites and online assets, Benadie added that the government’s initiative to increase cybersecurity uptake among businesses through the Malaysia Digital Economy Blueprint is certainly timely and showcases their commitment to double down against cyber threats.

“Not only do organisations face mounting cost pressures due to extended restricted movement control orders, they also need to ensure their security can defend against adversaries in the evolving threat landscape.

“This of course means that they have to ensure they invest adequately and are able to strike the right balance in their budgets.”

The world’s IT leaders spent more than their annual budget rise in just three months last year as the global crisis hit and lockdowns began to be enforced, according to Harvey Nash/KPMG CIO Survey 2020.

This was one of the biggest surges in technology investment in history. However, this massive increase in cybersecurity spend would be unsustainable in the long run, and it is anticipated that technology budgets will be under more strain in the year ahead.

KPMG’s latest report Security through a downturn listed five challenges and the best corresponding strategy that Chief Information Security Officers (CISOs) should consider: cash preservation, third-party security spend, cybersecurity tools and abundance of projects, regulatory and compliance obligations and security processes.

“During these turbulent times, an organisation’s cybersecurity controls could be the sole defense against cyber breaches or attacks.

“A cyber incident not only disrupts the business, it often undermines brand trust that may have taken years to build. organisations, and especially CISOs, should plan their technology investments strategically in order to achieve significant returns for the long-term.

“This not only enables commercial operations to continue uninterrupted, but also safeguards the hard-earned trust placed on the company by their customers.”