Why securing the modern workplace now includes financial discipline
One of the most consistent themes in conversations with IT leaders right now is cost. Not because organisations are trying to reduce investment in technology, but because the cost of running a modern workplace has increased across almost every category.
Licence renewals arrive at a higher price than they did a year or two ago. AI capabilities appear as paid-for add-ons within platforms that organisations already depend on. Security tooling continues to expand as environments become more complex. Hardware refresh cycles are significantly more expensive than they used to be.
When you step back and look at the whole environment, the operational cost of running a secure, modern workplace is dramatically higher than it was a few years ago.
What makes the situation more complicated is that two very sensible priorities are pushing spend in the same direction.
On one side, organisations are investing in innovation. AI capabilities are being introduced into familiar productivity tools, collaboration platforms continue to evolve, and new services promise efficiency gains across the business.
At the same time, organisations are strengthening security. Detection and response capabilities are expanding, monitoring is becoming more comprehensive, and additional controls are introduced as environments grow more distributed and interconnected.
Both of these priorities are completely reasonable. No leadership team wants to fall behind in capability, and no organisation wants to leave avoidable risk unaddressed. The difficulty is that when innovation and protection both expand at the same time, operational spend grows quickly.
It’s not unusual to find that licences have drifted away from actual usage, that multiple security tools overlap in what they do, or that services introduced for a specific project remain in place long after the original requirement has passed. This generally is not because of poor decision-making. It’s simply the result of environments evolving continuously while day-to-day operational priorities take precedence.
When resilience is discussed, the focus normally sits on cyber protection, detection and recovery. Those elements are clearly essential. If systems fail or data is compromised, organisations must be able to respond quickly and restore operations.
But resilience has a financial dimension as well.
If the cost of running the environment becomes unpredictable or inflated, that introduces a different type of risk. Security investment can become harder to sustain over time. Strategic initiatives may be delayed because budgets are already stretched. Leadership conversations become more cautious because the cost base is already higher than expected.
In that sense, uncontrolled cost growth can undermine resilience just as effectively as technical weaknesses. That’s why many organisations increasingly treat cost discipline as part of their resilience strategy, not something separate from it.
The answer is rarely aggressive cost cutting. In fact, that approach often weakens resilience rather than strengthening it.
The more useful step is gaining a clear picture of what the organisation is actually running today and why. Many IT leaders discover that licence allocations no longer match how people are working, or that security tools introduced at different points in time are performing overlapping roles.
Microsoft 365 is a good example. Over time, tenants accumulate additional licences, collaboration services and security features. Some are essential. Others may be underused or configured in ways that don’t fully support the organisation’s objectives.
A structured review of the environment often highlights opportunities to simplify without weakening protection. Licences can be aligned with real usage patterns. Security tooling can be rationalised so that teams focus on meaningful signals rather than juggling multiple overlapping systems. Configuration can be adjusted so that existing capabilities are used more effectively.
None of this reduces resilience. In many cases it strengthens it.
In the first article in this series, I described how several pressures are landing at the same time for IT leaders: enabling productivity, adopting AI, and improving resilience.
Cost pressure sits firmly within that same convergence.
When AI capabilities are introduced, licensing structures evolve. When collaboration expands, identity and security controls become more important. When additional security tools are deployed, operational complexity increases. And when complexity increases, both risk and cost tend to follow.
This is why the most resilient organisations don’t treat cost as a separate conversation. They look at how productivity, governance, security and spend interact across the whole environment.
Often the answer isn’t introducing more technology. It’s gaining clarity on the estate that already exists and making deliberate decisions about where simplification, optimisation or consolidation would strengthen both resilience and financial control.
If cost pressure is becoming more visible in your own environment, it may be worth stepping back and reviewing the bigger picture. A structured assessment of licences, configuration and tooling often reveals opportunities to improve resilience while bringing operational costs back under control.
If that’s a conversation you’d find useful, I’m always happy to compare notes.
