Many companies are spending increasing amounts on cybersecurity tools, but are not confident that these investments are making their infrastructure secure, according to a report from Juniper Networks and RAND.
CISOs need a way to better understand the variables that most influence the cost of managing cybersecurity risk holistically and the different decisions they can make to protect their organizations.
To address this need, RAND developed a heuristic economic model that for the first time maps the major factors and decisions that influence the cost of cyber-risk to organizations.
With RAND’s model projecting the cost to businesses in managing cybersecurity risk set to increase 38% over the next 10 years, Juniper believes that the time is now for organizations to start managing security spending and risk management as a discrete business function.
Juniper Networks believes there are five major factors confirmed by RAND’s model that companies should strongly consider as they evolve their security postures.
First, many security tools have a half-life and lose value. Attackers are constantly developing countermeasures to new detection systems such as sandboxing or anti-virus technologies. RAND’s model projects that over 10 years the effectiveness of these technologies that face countermeasures falls by 65%.