Security v/s Company Expense
When organizations are looking for ways to save money, cybersecurity sometimes ends up on the chopping block. For those companies fortunate enough to never have gone through a critical security breach, these services can seem extraneous. Why pay for something that’s not being used?
Unfortunately, the answer to this question becomes crystal clear once a breach happens.
Just last year, a report published by IBM Security found that the cost of data breaches had reached a 17-year high, to say nothing of the damage done to intangibles like customer trust. Companies unwilling to invest in cybersecurity all too often still pay a high price.
Companies need to plan for all conceivable man-made and natural occurrences, ranging from natural disasters to network malware attacks to zero day & CVEs. Calling a security team for help in the middle of an incident, for example, will not be fruitful. Security should be the first thought for every organization if they want to succeed in the longer run.
Return on Investment (ROI) — Costs and Benefits
The two basic standards used in evaluating ROI are costs and benefits. The Internal Rate of Return (IRR) is calculated on a series of cash flows, both outgoing and incoming. Outgoing cash flows are investments made or costs, while incoming cash flows are the benefits derived. However, an analysis of the ROI for security expenditures is far more complex and evolving.
The top three industries affected by the costs of data breaches listed in this report are, healthcare, financial, and pharmaceuticals. When you are a part of these industries, then you are also a potential target.
Breaking Down the Cost of a Security Incident
Estimating the cost of a data breach involves more than just adding up the direct costs of remediating security issues and paying damages to affected parties. These are substantial costs, of course, but one should also consider the following costs:
- Loss of reputation and its impact on revenue and employee morale
- Distraction from regular money-making business activities
- Loss of customers due to a breach of trust
- Security department resource utilization
- Blame game among employees on responsibility
Scaling Prevention Vs Recovery
Ponemon Institute lists the average cost of a data breach in the U.S. at $7.91 million, and the average cost of deploying “[cyber] security suite” at $2.88 million. These are median numbers, not to be taken as your company’s projection for security recovery, nor the cost of cyber security you would pay to avoid a data breach. But regardless of how you scale the differential, it shows that securing data costs far less than absorbing the cost of a data breach. Security is undoubtedly reigns supreme as it is a deal breaker. Saving money at the expense of Security is never a viable option.
For more information on Breaches, refer to:
