“The drop in post-breach spending suggests a cut up mindset: Some firms depend on cyber insurance coverage to soak up the affect, whereas others have already constructed resilience via frameworks like NIST CSF [Cyber Security Framework]. In these instances, breaches drive classes realized and fine-tuning reasonably than new investments,” says Elliott Franklin, CISO of reinsurance agency Fortitude Re.
Complexity and damaged processes
Todd Thorsen, CISO at knowledge restoration vendor CrashPlan, mentioned that some breach victims might conclude that they had been extra uncovered to the complexity of their IT setting reasonably than inadequate funding.
“Complexity might be as huge an issue as underinvestment in security — duplicative programs, poorly managed integrations, shelf-ware, and so on.,” he says. “This may occasionally result in some organizations simplifying their environments within the wake of a breach and specializing in the precise instruments, optimization, and consolidation.”
