CSO: Immediate threats or long-term security? Deciding where to focus is the modern CISO’s dilemma

Commentary by Nick Kathmann, CISO at LogicGate

Allocating security resources can be a daunting task for CISOs and other security leaders, but there are ways to strike a balance between short-term and long-term needs.

Cybersecurity has become a high-stakes balancing act — the modern CISO is under constant pressure to protect their organization from the latest threats, including ransomware and phishing, while also developing long-term security strategies and reporting to the C-suite and board.

This means juggling immediate needs, such as patching vulnerabilities and responding to cyber incidents, with long-term goals, including adopting emerging technologies and developing a skilled cybersecurity team. This challenge is made worse by limited budgets and the need to justify the value of security investments to the business.

Budget allocation: immediate vs long-term security

Nicholas Kathmann, CISO at LogicGate, says that when planning resources, it’s a good idea to dedicate a set percentage of staff time (30% is a good rule of thumb) to long-term projects, as distinct from the day-to-day work of keeping the lights on. This makes it possible to respond to immediate threats effectively, with only minimal risk to project timelines.
