Select Page

Apr 11, 2022

Cybersecurity, Is It an Asset or a Liability? Shifting the Paradigm with XDR

by

If you’ve been keeping up, in the past weeks. We’ve discussed various game-changing reasons for adopting XDR, namely solving alert fatigue, modernizing security, and adapting to the changing threat landscape. In this final chapter, we will examine how adoption of the XDR solution can maximize efficiency of your existing products while lowering TCO. XDR is also key in transforming the perception of cybersecurity on a whole. Read on to learn more.

Asset or Liability: Perception of Cybersecurity

In 2021, the cost of a data breach ranged from $1.93 million for the public sector to $9.23 million for the healthcare sector[1]. In the Asia-Pacific region alone, Frost & Sullivan found in a joint study that the mean economic loss from a cyberattack to a large healthcare organization was a staggering $23.3 million in 2017[2]. That figure would have undoubtedly risen over the past 4 years. Aside from the direct economic losses due to disruption in production and sales, losses can come in the form of reputation loss, fines, and other indirect setbacks. Despite the potential disruption cyberattacks can cause, cybersecurity has been for years viewed as mostly a cost of doing business and a component to meet regulatory compliance.

In Frost & Sullivan’s survey, 40% of respondents indicated that one of the main setbacks to improving their organization’s security posture was the lack of awareness of data breach implications and costs, while 36% said they had difficulties communicating the importance of cybersecurity to the board. In parallel, almost a quarter of respondents have experienced reduced security budgets in the past year.

Figure 1: The most common inclusion in security roadmaps is the restructuring of management’s security perception. Management’s disregard for security is one of the biggest hurdles that security teams face in bolstering their defenses and capabilities. Source: Frost & Sullivan.

Essentially, organizations —particularly businesses—have been hesitant to invest heavily in cybersecurity because they see it as an expense rather than an element of risk management. This perception is greater in small organizations, as they dedicate larger proportions of cash flow to running more essential systems. The constant changes to the business environment, such as the COVID-19 pandemic  that is forcing widespread remote working, also contribute to the reluctance in committing heavily to capital-intensive investments.

Nevertheless, the rise in cybercrime and increasing pressure from regulatory bodies have spurred organizations to rethink cybersecurity. Cybersecurity Ventures estimates that global cybersecurity spending will increase from $262.4 billion in 2021 to $458.9 billion in 2025, at a compound annual growth rate of 15%.

Figure 2: The risk of data breaches has increased significantly over the past year. Remote working incurs an average cost of more than $1 million compared to traditional work environments. Source: IBM.

A joint report from IBM showed that organizations that have undergone DX during the COVID-19 pandemic have seen an average $750,000 reduction in data breach costs.[3] Organizations with mature zero trust strategies have seen average reductions of $1.8 million compared to those without, indicating that the cost of breaches correlates with organizations’ digital maturity and cybermaturity.

XDR can flexibly support enterprise cybersecurity

Cybermaturity and investments are directly tied to business outcomes, and XDR is one way in which businesses can enable flexibility, drive down data breach costs, and contextualize cybersecurity’s value.

With its subscription-based approach and minimal hardware requirements, XDR’s initial investment demand is much lower than traditional on-premises point solutions. This solution could be viable for the often- overlooked medium to small segments, with the cost spread over time rather than front-loaded. XDR’s ability to derive insights from across the threat environment also allows it to provide business context to cybersecurity.

For example, management teams can compare the most targeted areas of their businesses with the relative investments in these areas to create a priority list of future cybersecurity expenditures. This information is also useful for assessing the direct cybersecurity risk to a company’s bottom line.

XDR can maximize existing cybersecurity investment

XDR helps protect existing security investments in 2 ways:

  • Mitigating the costs of siloed, disparate security solutions
  • Extending the value of security solutions at risk of obsolescence

The multivendor environment that organizations find themselves in often incurs both obvious and hidden costs. For example, the silos created from deploying solutions that do not speak to each other by default cost organizations time and money in manual integration, causing burnout in employees burdened with menial and ungainful tasks. Organizations are thus compelled to audit the costs of maintaining a current solution—even if it works well with their needs—against the cost of operating it. XDR breaks down these silos, serving as the central hub connecting all deployed solutions. Organizations can normalize their data and mitigate their current integration costs and future upgrades and additions.

With the arrival of new security products every year, the phasing out of older models or iterations that serve the same purpose is a risk. Reasons for this include an inability to integrate with the overall security environment, reduced effectiveness in combating modern threats, and insufficient or unactionable data. XDR helps reinvigorate the utility of older solutions because of its ability to tap into deeper metadata and perform cross-layered D&R. As such, each deployed security solution at least plays the role of feeding contextual information into XDR—raising overall security readiness. At best, XDR could open new use cases, even for older solutions.

How to get XDR to work for you

The final piece of the puzzle to maximize the value of XDR for organizations is to work closely with XDR providers during evaluation and implementation. The few companies that do currently provide XDR to the market are usually experienced cybersecurity vendors with longstanding expertise in adjacent cybersecurity fields.

For example, Hillstone Networks is a recognized leader in the network security space, more specifically its next-generation firewalls (NGFW). Building on this, the company has developed a comprehensive, vendor-agnostic platform with an emphasis on integration and value-added insight generation.  

To learn more about how XDR is shifting the paradigm and perception of cybersecurity, get full access to the whitepaper here.  


[1] Average cost of data breaches worldwide as of 2021, by industry, Statista, 2021

[2] Understanding the Cybersecurity Threat Landscape in Asia Pacific, Microsoft, 2017

[3] IBM Report: Cost of a Data Breach Hits Record High During Pandemic, IBM, 2021.