Determining and allocating sufficient resources and cyber security budget relies on the successful relationship between senior leadership and cyber security professionals. An organisation’s overall security posture can improve if everyone agrees about the budget, resource allocations and how they impact the business.
Many factors influence how you develop a business case for a cyber security budget. The only way to help prevent an attack is to strengthen your security awareness, posture, and defences, a process that merits investment for every organisation.
Cyber security budgets vary based on many factors, such as industry, organisation size, culture, business model, and risk appetite, among others.
The budget calculation for an OT security program is not an easy task. Many organisations have never attempted or completed this task before, and therefore, they are not familiar with the calculation methodology.
Yokogawa has developed a calculation methodology as part of our business case model, which helps answer these questions and defines the appropriate resources and budgets required for an OT security program. Our methodology and business case model help organisations answer the following problem statement:
“On what basis, how and to what extent do I have to invest in cyber security to have a risk exposure that is deemed acceptable to the organisation and me?”
Cyber Security Risk versus Budget
Organisations must accept that they cannot reduce cyber security risk to zero; they will always have to accept and manage a certain level of risk. To reduce the risk to an acceptable level, you need resources and a budget. Plans have no value if, ultimately, the budget is not available. Cyber security starts with risk versus budget.
Organisations that Yokogawa has supported have been able to develop a corporate cyber security plan which could be explained and embraced by the employees.
The Business Case provides a cost breakdown for the following:
- Organisation (for additional resources and/or roles for managing the OT Cyber Security Management System)
- Design and Implementation (for the upgrade measures or adding new measures)
- Training and Change Management (for training members and changing the cyber security culture in the organisation)
- Countermeasures (for the purchase of hardware, software and managed services)
- Incident Management (for implementing or upgrading the Incident Management System)
- Monitoring and Compliance (for monitoring effectiveness and performance and to ensure compliance)