Cyber security optimisation in organisations - pwc


December 2020

Securing the future of business

Cyber security optimisation in organisations

Cyber in Perspective


Introduction

Businesses today are transforming their ways of working and redefining the future of their operations. They are migrating towards a ‘work from anywhere and anytime’ model of operation, with an increasing focus on utilising low-touch business solutions. There is also increased focus on business resilience in order to strengthen systems and processes so that they operate seamlessly during a crisis. Rapid digitalisation across organisations had already made them prone to cyberattacks. The COVID-19 crisis has resulted in an increase in the number of cyberattacks on organisations. Along with a surge in cyberattacks, there has also been a shift towards more sophisticated attacks that seek to exploit the chinks in the armour exposed by the transformation process that is under way. Such a scenario requires organisations to enhance their capabilities in order to successfully navigate the increased threat surface, ensure protection of their data and smoothly continue business operations.

The COVID-19 crisis has impacted a number of organisations and increased cost pressures. The crisis has also made it imperative for organisations to enhance their cyber security capabilities on the one hand and optimise cyber security resources on the other.


Organisations are focusing on how to deal with the dichotomy between cost reduction and cyber security optimisation

Factors behind cyber recalibration

Business objectives

Transformation to adapt to the future of business

Enhancing cyber security capabilities

Optimising cyber security resources

Ever-increasing cyber threat landscape

Increased COVID-19 themed attacks

Shift in cyber security priorities

Increased cost pressure

Security optimisation across areas will help businesses achieve their objectives.

Security processes

Security organisation

Security operations

Security technology


Security optimisation is the key to secure the future of business

Security technology optimisation

Optimised security operations

Agile security organisation

Automation of security processes

Securing the future of business


Security technology

Organisations are struggling to optimally utilise their implemented security technologies. Often, there are overlaps in security technologies as well as underutilisation of tools and technologies.

Organisations need to focus on understanding their security technology landscape and identify areas where security technologies can be optimised either through consolidation and enhancement, or by leveraging open-source and light-weight start-up solutions.

Optimised security operations

At an overall organisational level, the costs of security operations and management are increasing due to the wider threat landscape. Traditionally, organisations build all of their operational services in-house on a fixed-cost model. However, this approach has led to increased costs, administrative burden and the additional hassle of managing a large set of internal tools, technologies and in-house resources.

There is scope for improvement in the way organisations handle security operations and associated costs. They can explore other avenues such as managed security services, cloud-based service delivery and transaction-based pricing models.

Agile security organisation

Due to the cyclic nature of most businesses, it has been observed that required skills are dynamic and change with time. Skills related to cloud technologies, orchestrated response and emerging technologies are becoming more important. While organisations may hire people skilled in operating new technologies, upskilling and cross-skilling existing resources are more efficient, considering evolving requirements.

Organisations may consider engaging external experts as chief information security officers (CISOs) and in other security roles to optimise the costs of hiring and training. Additionally, there is scope to leverage existing resources in cross-functional teams to build extended teams and support security requirements during critical situations.

Automation of security processes

Security teams in organisations spend a lot of time performing low-intelligence routine tasks. Also, most organisations do not have centralised security teams, leading to a disintegrated view of the organisational security landscape. Organisations need to move away from such siloed processes for security management and gradually shift towards a more cohesive approach, with automation as the basis of security processes and operations management. Automation technologies help in decreasing the administrative burden related to manual handling of certain aspects of security processes. Leveraging these technologies as the foundation for managing security processes will not only optimise the effort and resources required for maintaining cyber security across organisations, but also help in reducing the overall error rates and associated security risks.


Security technology optimisation

Security technologies have continually evolved to meet the growing demands of an increasingly changing threat landscape. While it is necessary to implement security technologies across an organisation to protect it against the evolving cyberthreat landscape, it is also important to understand the overall security posture of an organisation and optimally deploy security technology.

Security technology optimisation is the quickest method to optimise cyber security for an organisation. Typically, organisations have focused on creating multiple layers of security and using a combination of security products, design principles, manual controls and routine checks to manage their overall security posture.

Organisations that have been on the cyber security journey for a significant period of time will understand the need to regularly take stock of their security stack. Security tools and solutions have a tendency to overlap or remain underutilised if left unchecked. Additionally, organisations have approached cyber security in a piecemeal fashion by adding technologies to their set-up whenever they felt it was necessary to fill certain point-in-time security gaps, overlooking the overall security posture.

Further, organisations consider established commercial off-the-shelf (COTS) products for their security requirements and do not generally consider other options, including open source/domestically produced security tools, that may provide the desired level of security contextualised to the threat landscape.

Today, it is imperative for organisations to look at their security technology stack holistically to enhance security and optimise resources.

Many organisations have invested in multiple security technologies, some of which have overlapping features. This happens as some new-generation technologies combine the multiple features provided by traditional technologies. For example, next-generation firewalls have capabilities such as intrusion prevention, URL filtering and application control, along with features provided by traditional firewalls.

Organisations can enable additional features and functionalities in their existing security set-up to provide additional security coverage. For example, threat intelligence feeds can be enabled in next-generation firewalls, security incident and event management (SIEM) tools and anti-advanced persistent threat (APT) systems to provide contextual information on security events.

Organisations can also look at implementing open-source security solutions as well as light-weight start-up security solutions and services that provide the desired level of security at optimised costs. Given the aforementioned considerations, there is a huge opportunity for organisations to optimally leverage security technologies.


Optimised security operations

Cyber security services have traditionally been built on-premise and their service provisioning operates on a fixed-cost model. However, this can lead to unnecessary cost overruns.

Pay for what you need

Fixed costs are easier to budget for since they remain constant during a year. However, with evolving business landscapes and shifting operational priorities, security organisations should strive to identify linkages between business functions and related security services. This will enable them to move to a variable cost model and successfully mitigate increasing budgetary constraints.

Cyber security activities such as monitoring a 24x7 security operations centre are already being outsourced to enable variable cost models that help organisations moderate their security spending. The current crisis has also triggered a need to relook at how day-to-day security operations, administration and management activities can be carried out by leveraging third-party managed security service providers.

Organisations can leverage third-party security services across multiple areas, including governance, implementation, operations and compliance, to implement the security as a service (SaaS) model. Organisations may also consider implementing innovative cost-optimisation models that allow them to pay on the basis of the number of security components handled/assessments done/incidents resolved.

Similarly, organisations can leverage cloud-based security solutions that enable security teams to deploy a cloud layer over the existing IT landscape, allowing services, including user identity management, security monitoring and incident management, to be centrally delivered. The service requirements can be increased or decreased, allowing for subsequent cost optimisation.

Organisations can also look at outsourcing or offshoring security operations to low-cost locations to optimise associated costs.

Given the above background, organisations should rethink their expenditure on cyber security operations and move towards a managed services model for not only security monitoring, but also day-to-day security administration and operational activities.

Managing the overall security operations of an organisation involves striking a fine balance between handling operational requirements and using resources optimally. It is imperative for organisations to evolve from traditional security operational methods and costs to flexible security operations with a managed security services model.


Agile security organisation

To be able to optimally secure organisations against emerging threat landscapes, it is important for security teams to have relevant skill sets and be agile and multifaceted. Security teams need to be experts in core security skill sets and swiftly develop skill sets required for newer and emerging technologies. Considering the shortage of skilled cyber security professionals in the industry, security functions of organisations face their own set of challenges. The increased economic pressure on security functions has made it difficult for them to recruit high-skilled subject matter experts (SMEs). Further, many security skills are not required throughout the year but are largely point-in-time requirements, making it more difficult for organisations to maintain dedicated and large security teams.

Organisations now need to go beyond the traditional structure of security teams to include the latest trends in cyber security. Governing and managing enhanced threat landscapes using both traditional and emerging technologies may require skill sets that are not available within organisations. Under such circumstances, they can appoint a CISO as a service from established security agencies for required security oversight and governance.

Additionally, virtual security teams can be hired as a service to provide security expertise and support that are not uniformly required throughout the year but only when the need arises. The recent trends in security services have also seen a large number of security experts moving to freelance positions. Organisations can use a resource marketplace to onboard and hire freelancers who can provide various security services and expertise. Organisations can also carry out training programmes for reskilling and upskilling existing resources to cater to security requirements. This will not only allow organisations to meet security demands, but also enable them to remain updated on the latest security skills. Further, they may also leverage internal teams across functions through cross-skilling to cater to peak requirements in cyber security. These approaches can help organisations create a leaner and agile security team for managing different aspects of their cyber security.

Security teams should be equipped with multiple skill sets to cater to emerging security requirements. Organisations need to rethink their security organisation structure and look beyond traditional security organisation structures to include virtual teams and external panels of experts.


Automation of security processes

Organisations should look towards automating repetitive and actionable security processes and tasks

Businesses of all sizes are looking to increase efficiency, optimise costs and utilise their existing talented resources for tasks that cannot be executed by machines. Irrespective of what one might think of automation – the epitome of organisational efficiency or a death knell for certain jobs – it has helped the world move forward. Automation allows routine tasks to be performed by machines and enables an organisation to leverage its people for more relevant work. Further, many activities such as vulnerability management, data loss prevention (DLP) monitoring, user access provisioning and third-party risk management require heavy manual intervention. Owing to the large amount of data and security events involved in such activities, there is a significant possibility of missing out on critical alerts that may lead to security risks at large.

Emerging technologies such as artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) can be leveraged to automate security processes that require low-to-medium human interventions across functions through cross skilling to cater to peak requirements in cyber security. Organisations can use automation tools along with existing security technologies to automate low-intelligence, repeatable and actionable tasks and processes. This will ensure that resources are available for other critical tasks.

Further, organisations can also leverage AI, ML and RPA to process large amounts of data and analyse security events to create proactive defence mechanisms in an efficient and automated manner, and reduce overall risk exposure.

Organisations typically have a lot of security processes to deal with during the course of security governance, management, operations and administration, which often lead to administrative burden. Routine tasks within security processes can be moved from manual resource-intensive actions to automated processes to reduce administrative burden and optimise overall security administration and management.


Contact us

Siddharth Vishwanath
Partner and Cyber Advisory Leader
PwC India
Mobile: +91 91671 [email protected]

Anas Viquar
Associate Director, Cyber Security
PwC India
Mobile: +91 98737 [email protected]

About PwC

At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000 people who are committed to delivering quality in assurance, advisory and tax services. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

Find out more about PwC India and tell us what matters to you by visiting us at www.pwc.in.

pwc.in

Data Classification: DC0 (Public)

In this document, PwC refers to PricewaterhouseCoopers Private Limited (a limited liability company in India having Corporate Identity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited (PwCIL), each member firm of which is a separate legal entity.

This document does not constitute professional advice. The information in this document has been obtained or derived from sources believed by PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information is accurate or complete. Any opinions or estimates contained in this document represent the judgment of PwCPL at this time and are subject to change without notice. Readers of this publication are advised to seek their own professional advice before taking any course of action or decision, for which they are entirely responsible, based on the contents of this publication. PwCPL neither accepts or assumes any responsibility or liability to any reader of this publication in respect of the information contained within it or for any decisions readers may take or decide not to or fail to take.

© 2020 PricewaterhouseCoopers Private Limited. All rights reserved.

KS/December 2020-M&C 8546