December 2020

Cyber in Perspective

Securing the
future of business
Cyber security optimisation in organisations
Introduction
Businesses today are transforming their ways of
working and redefining the future of their operations.
They are migrating towards a ‘work from anywhere
and anytime’ model of operation, with an increasing
focus on utilising low-touch business solutions.
There is also increased focus on business resilience
in order to strengthen systems and processes so
that they operate seamlessly during a crisis.
Rapid diglitalisation across organisations had
already made them prone to cyberattacks. The
COVID-19 crisis has resulted in an increase in the
number of cyberattacks on organisations. Along
with a surge in cyberattacks, there has also been a
shift towards more sophisticated attacks that seek
to exploit the chinks in the armour exposed by the
transformation process that is under way. Such a
scenario requires organisations to enhance their
capabilities in order to successfully navigate the
increased threat surface, ensure protection of their
data and smoothly continue business operations.
The COVID-19 crisis has impacted a number of
organisations and increased cost pressures. The
crisis has also made it imperative for organisations
to enhance their cyber security capabilities on the
one hand and optimise cyber security resources on
the other.

2 PwC | Securing the future of business

Organisations are focusing on how to deal with
the dichotomy between cost reduction and
cyber security optimisation
Factors behind cyber recalibration Business objectives

Transformation to adapt to the

future of business

Increased cost pressure

Enhancing cyber
security capabilities

Ever-increasing cyber threat

landscape

Increased COVID-19 themed Optimising cyber

attacks security resources

Shift in cyber security priorities

Security optimisation across areas will help businesses achieve their objectives.

Security Security Security Security

technology operations organisation processes

3 PwC | Securing the future of business

Security optimisation is the key to secure the
future of business

Securing the future

of business

Automation of Security technology

security processes optimisation

Agile security Optimised security

organisation operations

4 PwC | Securing the future of business

 Security technology

Organisations are struggling to optimally utilise their implemented security technologies. Often, there are overlaps in
security technologies as well as underutilisation of tools and technologies.
Organisations need to focus on understanding their security technology landscape and identify areas where
security technologies can be optimised either through consolidation and enhancement, or by leveraging open-
source and light-weight start-up solutions.

Optimised security operations

At an overall organisational level, the costs of security operations and management are increasing due to the wider
threat landscape. Traditionally, organisations build all of their operational services in-house on a fixed-cost model.
However, this approach has led to increased costs, administrative burden and the additional hassle of managing a
large set of internal tools, technologies and in-house resources.
There is scope for improvement in the way organisations handle security operations and associated costs. They
can explore other avenues such as managed security services, cloud-based service delivery and transaction-based
pricing models.

Agile security organisation

Due to the cyclic nature of most businesses, it has been observed that required skills are dynamic and change with
time. Skills related to cloud technologies, orchestrated response and emerging technologies are becoming more
important. While organisations may hire people skilled in operating new technologies, upskilling and cross-skilling
existing resources are more efficient, considering evolving requirements.
Organisations may consider engaging external experts as chief information security officers (CISOs) in other
security roles to optimise the costs of hiring and training. Additionally, there is scope to leverage existing resources
in cross-functional teams to build extended teams and support security requirements during critical situations.

Automation of security processes

Security teams in organisations spend a lot of time performing low-intelligence routine tasks. Also, most
organisations do not have centralised security teams, leading to a disintegrated view of the organisational security
landscape. Organisations need to move away from such siloed processes for security management and gradually
shift towards a more cohesive approach, with automation as the basis of security processes and operations
management.
Automation technologies help in decreasing the administrative burden related to manual handling of certain aspects
of security processes. Leveraging these technologies as the foundation for managing security processes will not
only optimise the effort and resources required for maintaining cyber security across organisations, but also help in
reducing the overall error rates and associated security risks.

5 PwC | Securing the future of business

 Security technology
optimisation
Security technologies have continually
evolved to meet the growing demands
of an increasingly changing threat
landscape.
While it is necessary to implement
security technologies across an
organisation to protect it against the
evolving cyberthreat landscape, it is
also important to understand the overall
security posture of an organisation and
optimally deploy security technology.
Security technology optimisation is the quickest
method to optimise cyber security for an organisation.
Typically, organisations have focused on creating
multiple layers of security and using a combination of
security products, design principles, manual controls
and routine checks to manage their overall security
posture.
Organisations that have been on the cyber security
journey for a significant period of time will understand
the need to regularly take stock of their security stack.
Security tools and solutions have a tendency to overlap
or remain underutilised if left unchecked.
Additionally, organisations have approached cyber
security in a piecemeal fashion by adding technologies
to their set-up whenever they felt it was necessary to
fill certain point-in-time security gaps, overlooking the
overall security posture.
Further, organisations consider established commercial
off-the-shelf (COTS) products for their security
requirements and do not generally consider other
options, including open source/domestically produced
security tools, that may provide the desired level of
security contextualised to the threat landscape.
6 PwC | Securing the future of business
Today, it is imperative for organisations to look at
their security technology stack holistically to enhance
security and optimise resources.
Many organisations have invested in multiple security
technologies, some of which have overlapping features.
This happens as some new-generation technologies
combine the multiple features provided by
traditional technologies. For example, next-generation
firewalls have capabilities such as intrusion prevention,
URL filtering and application control, along with features
provided by traditional firewalls.
Organisations can enable additional features and
functionalities in their existing security set-up to
provide additional security coverage. For example,
threat intelligence feeds can be enabled in next-
generation firewalls, security incident and event
management (SIEM) tools and anti-advanced persistent
threat (APT) systems to provide contextual information
on security events.
Organisations can also look at implementing open-
source security solutions as well as light-weight
start-up security solutions and services that provide
the desired level of security at optimised costs.
Given the aforementioned considerations, there is
a huge opportunity for organisations to optimally
leverage security technologies.
 Optimised security
operations

Managing the overall security operations

of an organisation involves striking a fine
balance between handling operational
requirements and using resources
optimally.
It is imperative for organisations to evolve
from traditional security operational
methods and costs to flexible security
operations with a managed security
services model.

Cyber security services have traditionally been built
on-premise and their service provisioning operates
on a fixed-cost model. However, this can lead to
unnecessary cost overruns.
Pay for what you need
Fixed costs are easier to budget for since they remain
constant during a year. However, with evolving business
landscapes and shifting operational priorities, security
organisations should strive to identify linkages between
business functions and related security services. This
will enable them to move to a variable cost model and
successfully mitigate increasing budgetary constraints.
Cyber security activities such as monitoring a 24x7
security operations centre are already being outsourced
to enable variable cost models that help organisations
moderate their security spending. The current crisis
has also triggered a need to relook at how day-to-day
security operations, administration and management
activities can be carried out by leveraging third-party
managed security service providers.
Organisations can leverage third-party security
services across multiple areas, including governance,
implementation, operations and compliance, to
implement the security as a service (SaaS) model.
Organisations may also consider implementing
innovative cost-optimisation models that allow them to
pay on the basis of the number of security components
handled/assessments done/incidents resolved.
Similarly, organisations can leverage cloud-based
security solutions that enable security teams to deploy
a cloud layer over the existing IT landscape, allowing
services, including user identity management, security
monitoring and incident management, to be centrally
delivered. The service requirements can be increased or
decreased, allowing for subsequent cost optimisation.
Organisations can also look at outsourcing or
offshoring security operations to low-cost locations
to optimise associated costs.
Given the above background, organisations should
rethink their expenditure on cyber security operations
and move towards a managed services model for not
only security monitoring, but also day-to-day security
administration and operational activities.

7 PwC | Securing the future of business

 Agile security
organisation

Security teams should be equipped with

multiple skill sets to cater to emerging
security requirements.
Organisations need to rethink their
security organisation structure and look
beyond traditional security organisation
structures to include virtual teams and
external panels of experts.

To be able to optimally secure organisations against
emerging threat landscapes, it is important for security
teams to have relevant skill sets and be agile and
multifaceted. Security teams need to be experts in core
security skill sets and swiftly develop skill sets required
for newer and emerging technologies.
Considering the shortage of skilled cyber security
professionals in the industry, security functions of
organisations face their own set of challenges. The
increased economic pressure on security functions has
made it difficult for them to recruit high-skilled subject
matter experts (SMEs).
Further, many security skills are not required throughout
the year but are largely point-in-time requirements,
making it more difficult for organisations to maintain
dedicated and large security teams.
Organisations now need to go beyond the traditional
structure of security teams to include the latest trends in
cyber security.
Governing and managing enhanced threat landscapes
using both traditional and emerging technologies
may require skill sets that are not available within
organisations. Under such circumstances, they
can appoint a CISO as a service from established
security agencies for required security oversight and
governance.
Additionally, virtual security teams can be hired as a
service to provide security expertise and support that
are not uniformly required throughout the year but only
when the need arises.
The recent trends in security services have also
seen a large number of security experts moving to
freelance positions. Organisations can use a resource
marketplace to onboard and hire freelancers who can
provide various security services and expertise.
Organisations can also carry out training programmes
for reskilling and upskilling existing resources to
cater to security requirements. This will not only allow
organisations to meet security demands, but also
enable them to remain updated on the latest security
skills. Further, they may also leverage internal teams
across functions through cross-skilling to cater to
peak requirements in cyber security.
These approaches can help organisations create a
leaner and agile security team for managing different
aspects of their cyber security.

8 PwC | Securing the future of business

 Automation of security
processes

Organisations typically have a lot of

security processes to deal with during
the course of security governance,
management, operations and
administration, which often lead to
administrative burden.
Routine tasks within security processes
can be moved from manual resource-
intensive actions to automated processes
to reduce administrative burden and
optimise overall security administration
and management.

Organisations should look towards Emerging technologies such as artificial intelligence

automating repetitive and actionable
security processes and tasks
Businesses of all sizes are looking to increase
efficiency, optimise costs and utilise their existing
talented resources for tasks that cannot be executed
by machines. Irrespective of what one might think of
automation – the epitome of organisational efficiency or
a death knell for certain jobs – it has helped the world
move forward.
Automation allows routine tasks to be performed by
machines and enables an organisation to leverage its
people for more relevant work.
Further, many activities such as vulnerability
management, data loss prevention (DLP) monitoring,
user access provisioning and third-party risk
management require heavy manual intervention. Owing
to the large amount of data and security events involved
in such activities, there is a significant possibility of
missing out on critical alerts that may lead to security
risks at large.
(AI), machine learning (ML) and robotic process
automation (RPA) can be leveraged to automate
security processes that require low-to-medium human
interventions across functions through cross skilling
to cater to peak requirements in cyber security.
Organisations can use automation tools along with
existing security technologies to automate low-
intelligence, repeatable and actionable tasks and
processes. This will ensure that resources are available
for other critical tasks.
Further, organisations can also leverage AI, ML and RPA
to process large amounts of data and analyse security
events to create proactive defence mechanisms in an
efficient and automated manner, and reduce overall risk
exposure.

9 PwC | Securing the future of business

About PwC
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 155 countries with over 284,000
people who are committed to delivering quality in assurance, advisory and tax services. PwC refers to the PwC network and/or one or
more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
Find out more about PwC India and tell us what matters to you by visiting us at www.pwc.in.

Contact us

Siddharth Vishwanath Anas Viquar

Partner and Cyber Advisory Leader Associate Director, Cyber Security
PwC India PwC India
Mobile: +91 91671 90944 Mobile: +91 98737 13687
siddharth.vishwanath@pwc.com anas.viquar@pwc.com

pwc.in
Data Classification: DC0 (Public)

In this document, PwC refers to PricewaterhouseCoopers Private Limited (a limited liability company in India having Corporate
Identity Number or CIN : U74140WB1983PTC036093), which is a member firm of PricewaterhouseCoopers International Limited
(PwCIL), each member firm of which is a separate legal entity.

This document does not constitute professional advice. The information in this document has been obtained or derived from sources
believed by PricewaterhouseCoopers Private Limited (PwCPL) to be reliable but PwCPL does not represent that this information is
accurate or complete. Any opinions or estimates contained in this document represent the judgment of PwCPL at this time and are
subject to change without notice. Readers of this publication are advised to seek their own professional advice before taking any
course of action or decision, for which they are entirely responsible, based on the contents of this publication. PwCPL neither accepts
or assumes any responsibility or liability to any reader of this publication in respect of the information contained within it or for any
decisions readers may take or decide not to or fail to take.

© 2020 PricewaterhouseCoopers Private Limited. All rights reserved.

KS/December 2020-M&C 8546