#Infosec2025: Simplicity Should Guide Cybersecurity Purchasing
CISOs looking to prioritize security spend amid challenging economic conditions should aim to consolidate tooling and simplify their language, according to a panel of experts at Infosecurity Europe.

Although an Infosecurity Europe report at the start of the year predicted an average budget growth among UK organizations of 31% over the coming 12 months, the macroeconomic situation has arguably deteriorated since. 

A UK government report in April claimed that “cybersecurity budgets for organizations typically remained flat and in some cases [became] more constrained” over the past year. 

However, even if there is money to spend as boards “panic buy” following recent high-profile ransomware attacks on UK retailers, CISOs should resist the urge to splurge on point solutions, experts argued. 

“Look at your threat landscape … and determine what you have in place to ensure you can increase visibility and decrease complexity in tools, because I think everyone in this room has a lot of tools,” said Forrester senior analyst, Madelein van der Hout.

“You want to get rid of that complexity as far as your risk tolerance allows you to.”

Close Brothers CISO, Munawar Valiji, agreed, arguing that organizations need to ensure they “get the basics right” and understand what they can do with existing investments, in line with industry best practice.

KPMG director of cyber, Jon Davies, suggested that it may also be useful to consider the idea of “minimum viable security” to guide investment decisions.

“When you buy products, capabilities or platforms, unfortunately there are often overlaps and duplication in some of the tools,” he explained.

“So again, it’s about understanding if you’re buying a product, is there an information exchange requirement … where they overlap, so you get the best of products without buying twice.”

CISOs should focus on outcome, not capability, when making these sorts of decisions, added Valiji, who said he is loyal to vendors that prioritize partnerships over purely commercial transactions. Forrester’s van der Hout agreed.

“You should turn to the vendors you work with on how you create that partnership, and don’t be afraid to ask how they will help you approach the future,” she said.

“They should be transparent about their roadmap and how they can help you future proof.”

Keeping it Simple for the Board 

CISOs should not only simplify their security stack but also their language with the board if they want to make an impact, the panel noted. 

“It is about the language and how you communicate it. Whilst boards are improving and becoming more cyber aware … my job as a trusted advisor is to bring monosyllabic language to articulate what the risk is,” said Valiji. 

“The language and simplicity and ability to influence the right outcome is just as important [as] saying ‘here’s my shopping list of shiny new equipment, tools, people and process that I need.’”

CISOs could seek support from their board-level sponsor in order to finesse this language, added van der Hout.

“Go to your sponsor, deliberate with him or her on how best to bring that message across so that it is in the language of your executive committee,” she said. 