IFSEC Insider | Security and Fire News and Resources

Aberdeen Group confirms value of serious vulnerability management

The research shows that top performing companies estimate an impressive 91% marginal return on investment, based on a comparison of total vulnerability-related costs avoided with the total cost of their vulnerability management activities.

Vulnerability management is a necessary function for any organisation with business operations that involve Internet-facing networks, computers and application software. With an average of over 120 new threats and vulnerabilities emerging every week, it must be accepted as essential.

Efficiency and cost-effectiveness

Aberdeen’s research confirms that the best results are achieved by making vulnerability management as efficient and cost-effective as possible:

Reduce the costs involved with threats

“Aberdeen’s research confirms that improving capabilities in assessing, prioritising and remediating threats and vulnerabilities pays off in two ways,” said Derek Brink, vice-president and research fellow for IT security at Aberdeen. “First, it reduces the costs inflicted by the flood of new threats and vulnerabilities that emerge on a weekly basis. Second, it reduces the total cost of vulnerability management, which frees up precious resources to invest in more strategic IT initiatives.”

Companies should also accept that vulnerability management is a never-ending process, and that the cycle of ‘assess, prioritise, remediate’ must be continuously repeated. Through better security governance (allocation of limited IT resources) and risk management (prioritisation based on business value and the organisation’s appetite for risk), Best-in-Class performance in vulnerability management frees up limited IT resources to invest in projects more directly tied to the ‘rewarded risks’ of innovation and strategic growth.

“The Aberdeen report confirms that critical tasks such as vulnerability assessment, patch management and configuration management continue to be complex and time-consuming,” said Mark Shavlik, CEO at Shavlik Technologies. “Essentially, if security management is too difficult and resource-intensive, it doesn’t ‘happen’ and, therefore, the organisation is ultimately putting its network at risk. Leading organisations understand that there’s value in investing in technologies to automate these complicated and resource-intensive tasks.”

About the Aberdeen Group

A Harte-Hanks company, Aberdeen is a leading provider of fact-based research and market intelligence. Having benchmarked more than 30,000 companies in the past two years, Aberdeen is uniquely positioned to educate users to action: driving market awareness, creating demand, enabling sales and delivering meaningful return-on-investment analysis.
