Cybersecurity Bucks Being Invested in Shelfware
Organizations confused about how to assess cybersecurity investments.
Although cybersecurity has been getting a lot of well-deserved attention lately, 90 percent of companies recently surveyed admit that their organizations have invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment. The survey also revealed that the most important metrics are the least reliable. For example, although 70 percent of respondents said return on investment and total cost of ownership are critical metrics for investment and measurement of a technology’s economic benefits, the same number said it is difficult to calculate these metrics.
Survey respondents cited cost, performance and vendor support as the most important factors when investing in security technologies. However, features such as interoperability, proven risk reduction and lack of complexity were not considered as important.
“As cyber threats increase, it is troubling to see so many cybersecurity tools purchased by organizations end up as shelfware,” Greg Boison, director of homeland and cybersecurity, Lockheed Martin, says. “When cyber dollars are scarce, organizations should not only evaluate which tools their enterprise needs but also whether they have the internal and external resources to deploy, maintain and leverage them.”
Lockheed Martin commissioned the survey of U.S.-based senior information technology practitioners from organizations in the financial services, federal government health care, critical infrastructure and pharmaceutical industries. Data security research group Ponemon Institute conducted the Risk & Innovation in Cybersecurity Investments survey, polling 618 U.S.-based senior information technology practitioners.