Complexity and broken processes: Todd Thorsen, CISO at data recovery vendor CrashPlan, said that some breach victims may conclude that they were more exposed to the complexity of their IT environment rather than insufficient investment.”Complexity can be as big a problem as underinvestment in security, duplicative systems, poorly managed integrations, shelf-ware, etc.,” he says. “This may lead to some organizations simplifying their environments in the wake of a breach and focusing on the right tools, optimization, and consolidation.”Mark Wojtasiak, VP of product research and strategy at Vectra AI, argues that the decline in post-breach investment intentions suggests a wider shift of mindset among cybersecurity professionals.”Many security leaders now see breaches less as a signal to buy more and more as an indicator of broken processes, governance gaps, or underutilized capabilities,” he says. “As a result, rather than seeking fresh budget, organizations are focusing on improving how they use existing technology and partners.”Other experts were far less sanguine about suggestions that breached firms were less likely to invest in cybersecurity improvements in the wake of a breach.AJ Thompson, chief commercial officer at Northdoor and member of IBM’s Worldwide Security Advisory Council, described the finding as “disturbing.””The fact that an organization has been breached means that there is already a vulnerability in place that can be exploited, not addressing this with increased security is foolhardy,” Thompson says.
Limited focus on AI-driven security enhancements: Less than half of those that plan to invest post-breach will focus on AI-driven security solutions or services, according to another key finding from IBM’s report.”The limited focus on AI-driven solutions is surprising, given how AI and gen AI are reshaping the threat landscape,” Upwind’s Shachar says. “Organizations need tools that can secure AI workloads against risks such as data leakage, adversarial manipulation, and unauthorized model access, gaps traditional defenses can’t address.”Fortitude Re’s Franklin adds: “AI has a role, but it won’t solve process failures, strengthening governance and automating fundamentals remains the smarter path.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4046421/only-49-of-companies-to-increase-cyber-budget-after-a-breach.html
