All business decisions are primarily at their root based on results. Or at least they should be. But that is another subject. Assuming this is true. You want results, and you want to be able to see them, measure them and plan for them. You want to be able to see what your results would be with and without the correct solution. A tall order. This is something that is sometimes promised but not always delivered.
Proper Security Posture
The proper security posture should be able to show you results. They should be concrete objectives that you can count on. For instance, what does it cost the average company for a single security breach? The answer is around $3.5 million. Now that is an average of all the small ones and the big ones combined. If your company is bigger expect bigger losses. If you just have 1 security breach in a year. And you can reduce that number by half, (being conservative) in five years you can save $13.5 million. That is a tangible benefit. That is a result you can look at and know its value. This is without laying anyone off, not having to cut salaries, not having to reduce benefits, a straight $13.5 million. And lets not even get started on a major breach like a Target Stores, or a Home Depot. The numbers can be astronomical.
Competitive Advantage
But I know what you are thinking. What do hacking and security have to do with me and my competition? The answer is it has a lot to do with it. If your customers, vendors, or business partners, get wind of a major breach how will this affect your position in your market? It can be significant. And if you look at other implications such as regulatory problems, or legal liability it can be even worse. Just ask yourself. You have a choice between vendor A or vendor B, to do significant business with. Vendor A has a major security breach that they are fighting, and they assure you that they have it under control. Vendor B has no incidents. Who are you going go with? I know the decision is not that simple but this may sway you to avoid a potential issue especially in a close competitive environment. And if it is your supply chain you are worried about it may be more severe. Some companies are seriously concerned with disruption or interference in their supply chain and are already demanding tighter more measurable security. Now that is something that you can measure.