5 Inefficiencies in Cybersecurity (and Why They Still Exist)

Anomali
October 24, 2025

Cybersecurity costs continue to climb with the scale of threats and evolving technology. Companies can’t control the threat landscape they face, but they can manage their response to reduce costs.

In a recent webinar for Anomali, Chief Growth Officer George Moser and Francis Odum, Founder of Software Analyst Cyber Research, explored the hidden costs plaguing companies and their security teams.

Throughout the webinar, they outlined the key inefficiencies contributing to rising costs. Here are five of the ways security teams may be overspending.

1. SIEM Systems: Slow, Expensive, and Inflexible

Security Information and Event Management (SIEM) platforms were once at the heart of cybersecurity operations. But many organizations still rely on legacy SIEMs that were not built for today’s data volumes or the complexity of hybrid environments.

Why It’s Inefficient:

  • Scalability issues: Most SIEMs struggle with ingesting and analyzing massive volumes of logs from cloud-native apps, containers, and IoT devices.
  • Costly storage: Licensing often ties cost to data volume, forcing teams to either limit what they ingest or blow their budgets.
  • Delayed detection: Most platforms can’t process events in real time, delaying incident detection and response.
  • Poor user experience: Complex query languages, slow dashboards, and clunky interfaces make investigations painful.

“We should be able to get that answer in seconds and not have to be beholden to the limitations of legacy technology,” says George Moser.

Why It Still Exists:

  • Replacing a SIEM is seen as a massive lift — technically, operationally, and politically.
  • Many organizations are locked into multi-year contracts or have spent years building workflows on top of their current systems.

The thought of migrating systems is a daunting one, but it doesn’t have to be. With the right processes and support, Francis Odum assures listeners that the long-term benefits and cost savings outweigh the short-term hurdles.

2. Siloed Security Data

Security teams often operate with data scattered across different tools, including endpoint protection platforms, firewalls, cloud logs, threat intel feeds, and more.

Why It’s Inefficient:

  • Limited visibility: Analysts can't see the full picture, which delays investigations or causes missed detections.
  • Manual correlation: Teams often need to pivot between tools and correlate data by hand.
  • Inconsistent context: Different tools label and structure data differently, making correlation error-prone.

Why It Still Exists:

  • Vendors encourage "tool sprawl" to lock customers into ecosystems.
  • Integrating disparate data sources requires engineering resources that many security teams lack.

Consolidation of tools and vendors is crucial for managing cybersecurity costs and improving efficiency.  

Francis noted that the sprawl of security technologies across the enterprise is a significant challenge. “Companies use 60 different tools. Migrating and moving data obviously comes with a lot of challenges,” he said. All that fragmentation is creating big costs for companies.  

George shared his experience of dealing with this issue at S&P Global, where he reduced the number of tools and vendors to manage costs and improve cyber resiliency. “We had to consolidate all of our cyber observables into one single data lake to have comprehensive threat intelligence and an understanding of where our vulnerabilities were in our environment,” he explained. This consolidation allowed for better data management and more efficient threat detection and response.

3. Alert Overload and False Positives

Many security tools prioritize coverage over precision, resulting in thousands of daily alerts — most of which are either irrelevant or benign.

Why It’s Inefficient:

  • Burnout: Analysts waste time triaging false positives instead of focusing on real threats.
  • Missed alerts: High noise levels make it easy to miss the signal — the actual threats.
  • Ineffective automation: Poor alert quality makes automated playbooks unreliable.

Why It Still Exists:

  • Many teams prefer to err on the side of caution to avoid missing anything but end up missing alerts anyway due to volume and noise.
  • Tuning alerts requires deep domain knowledge, time, and constant maintenance — resources many teams don’t have.

The constant inundation of alerts is creating signal fatigue by design. If security analysts are chasing false leads, threat actors are more likely to slip through unnoticed.  

4. Manual Incident Response Processes

Even in organizations with mature security operations centers (SOCs), incident response often relies heavily on manual playbooks, spreadsheets, and ticketing systems.

Why It’s Inefficient:

  • Slow response: Time is critical during an incident, but manual steps introduce delays.
  • Human error: Mistakes happen, especially under pressure.
  • Ineffective coordination: Email threads and Slack messages are no replacement for real-time, structured collaboration.

Why It Still Exists:

  • Many teams haven’t invested in Security Orchestration, Automation, and Response (SOAR) tools — or have done so poorly.
  • Automation is only as good as the playbooks behind it, which are time-consuming to build and maintain.

“Threat actors are employing AI, just as everyone else on the planet is really employing AI,” says George Moser.  

If bad actors are using AI in their attacks, you should be using it in your response, he says. The sheer number of attacks is no longer on a human scale. Security teams need to employ modern techniques to combat AI-enabled attacks and improve response time to threats, from signal to analysis.

5. Lack of Continuous Validation

Most organizations don’t continuously test their defenses. Penetration tests are usually annual. Simulations are ad hoc. This creates a false sense of security.

Why It’s Inefficient:

  • Unknown gaps: You can’t fix what you don’t know is broken.
  • Wasted investments: Controls that don’t work as expected still consume budget and resources.
  • Missed opportunities for improvement: Without validation, it’s hard to prioritize remediation.

Why It Still Exists:

  • Continuous validation requires tools (like breach and attack simulation platforms) and skilled staff to run and interpret them.
  • Organizations often focus on compliance checkboxes rather than real-world effectiveness.

When security teams are bogged down by continuous alerts and signal fatigue, they aren’t available to run in-depth analysis or take a proactive approach to security.  

Solving Inefficiencies to Reduce Cost and Improve Response

Cybersecurity inefficiencies don’t persist because we don’t know about them; they persist because fixing them is difficult. Legacy systems, budget constraints, skills gaps, and internal politics all play a role.

But as threat actors become more sophisticated and AI-driven attacks rise, the cost of maintaining these inefficiencies will only grow. It’s time for security leaders to move beyond patchwork solutions and invest in platforms, processes, and talent that can truly scale with modern risk.

Check out the full webinar to find out how to reduce TCO while driving proactive security performance.

Anomali

Anomali's AI-Powered Platform brings together security and IT operations and defense capabilities into one proprietary cloud-native big data solution. Anomali's editorial team is comprised of experienced cybersecurity marketers, security and IT subject matter experts, threat researchers, and product managers.
