According to Gartner, GenAI-enabled cyberattacks will continue to spike enterprise investment in information security resources, leading to a 15% increase in security software spending in 2025. As security teams prepare for this emerging threat landscape, it is worth pausing to reevaluate IT best practices for any potential improvements that can help enterprises in an era of increased cyber activity.
Security in Isolation
One common pitfall facing security teams is that they often work in a silo because of their very specialized roles. While having deep expertise in their company’s security posture and the threat landscape, security resources are often too far removed from the company’s business function and its departments (i.e., sales, go-to-market, engineering, customer service) when these areas should inform their work. This arrangement can lead to their isolation in a company’s larger organizational structure. Unless silos are proactively guarded against, security resources can drift too far away from the company’s core operations, finding themselves flatfooted at critical steps during an outage or security incident.
“We Have a Problem”
During a security event, security teams missing the business context to fully comprehend how outages impact their company will be out of step and lacking preparedness. Further, suppose they lack critical technical expertise or critical relationships with key subject matter experts (SMEs) in other areas of the business. Security pros will have the unenviable task of mapping out and learning system functionality to determine the affected infrastructure and services, potentially slowing incident response times. This is no small matter when adding up the cost of outages, wherein the wrong move could lead to financial ruin. With so many critical touch points and services involved, security teams may fail to prioritize their response in line with business objectives.
In short, beginning research into the technical aspects, business priorities, critical points of contact, and customers affected only after something has already happened will leave security teams scrambling, significantly reducing their effectiveness. Instead, an organization’s security team must understand every aspect of the business beyond a basic, default high-level conceptualization.
The Customer Perspective
In that same security silo, important customer context that can round out the impact of an outage is also missing. Knowledge of specific customers and how they will be affected should also inform the work of security professionals. The customer perspective is not just a matter for other departments. Security teams should also have a tangible understanding of who or what is affected during a potential event or incident. For example, in a B2B (Business to Business) company, can this incident potentially impact a critical deal with a major customer or does this incident involve regulated customers that often require specific terms for notifications. When the system blinks red and alerts pop up, who is on the other side of these?
Further, what customers consider most important often differs from what one might expect. Being in the loop with customers might help the security team reprioritize the order of tasks. Pushing back against the detached, insular, and cordoned off approach, when IT pros know the company’s top customers and their concerns before an incident, it will improve their incident response outcomes.
Getting Out
Security teams that lack full integration with their broader organization miss the opportunity to reach full preparedness in advance. While an incident can be an opportunity for critical relationship-building and cross-team collaboration, these relationships must be permanent and ongoing. Haphazardly reaching out to work together when the clock is ticking leaves considerable room for improvement. Instead, security resources should establish close relationships with the people their work impacts every day across the company. This includes proactively collaborating with engineering teams instead of instigating communication during a crisis. It also means identifying subject matter experts and contacts across the company should the need arise.
However, closing the gap by working more closely with other teams across the organization to inform other departments of their work and understand what is critical to the business cannot be achieved by a single team alone. There must be reciprocity and an overall interdepartmental collaborative spirit in the company. The move to a more vertical, tightly integrated organization needs to be instituted top-down or the promise of closer proximity will wither on the vine.
Security teams that establish close cross-functional relationships and expertise across the organization by cultivating ongoing collaboration with other teams across IT — like infrastructure, DevOps, and site reliability engineers (SREs) — will develop a stronger understanding and improve efficiency when it matters most. To promote awareness, knowledge, and informed security practices, these teams should be in constant communication with the goal of full integration. When security teams have the technical expertise, product knowledge, customer understanding, business context, and cross-department contacts in place, they will be ready to address their organization’s cybersecurity needs efficiently.
About the Author
Esteban Gutierrez is Chief Information Security Officer & VP of Information Security at New Relic. Esteban’s preferred pronouns are the/them.
They are passionate about reshaping information security to enable people to do the work they value in balance with business goals, best practices, technical constraints, and pragmatic risk management strategies.
Esteban can be reached online at Esteban Gutierrez | LinkedIn and at our company website https://newrelic.com/
