So what’s in it for me? What will a strong security posture get me that I don’t get right now? Why would I want to go to the trouble of spending the money and the time on strengthening my security posture? These are good questions, and at the root of all the decisions we make, either personal or business, these questions are either overtly coming up or lodged somewhere in the back of our minds.
A good security posture will cost your company money; it will cost you resources in personnel, management, and training. It will also cost you some time out of your busy schedule. These are a given. However, the benefits it will bring to your company and to you personally can be quite significant.
I have written extensively about this in my upcoming book on cybersecurity for management and executives, entitled “One False Click: How to protect yourself in the coming cyber war”. It will be out soon and goes into great detail on this subject. But for now, let’s take a look at some of the numbers and how it will work for your situation.
I have said of cybersecurity that “no problem facing corporate America is more serious, more widespread, and more fixable than cybersecurity.” And I stand by this today as I did years ago. But what we want to look at today is the fixable part. What does it really cost to have a major cybersecurity breach, and what does it cost to prevent one?
The cost of building a strong cybersecurity posture is not very easy to quantify from a general standpoint; it can vary from company to company depending on goals as well as current cybersecurity posture. But we do know something about the cost. The average cost of a major breach is estimated by the Ponemon Institute at around $4.5 million per incident. And estimates from SecureWorks put the number closer to $7 million and rising. So when you ask what’s in it for me, it can be a lot.
Where Do You Want To Be
And that is just the average cost, including small and large companies. Think about what your incremental cost would be to bring your security posture up to a strong position. It most certainly will not be in the millions unless you are operating a very large company that is currently very behind on your cybersecurity posture.
But if you are in this position, you have much bigger things to worry about. On average, at the companies I see, returns are normally 20 or 30 to one when looking at the cost of putting your cybersecurity posture right vs. doing nothing and suffering a major breach. In addition to this, you have to deal with the loss of customers, the loss of members of your supply chain, and the loss of your valuable reputation, the last one being the most difficult to fix.
So just a word about what’s in it for me. A lot is in it for me, monetarily as well as in intangibles such as reputation and negative publicity. But with a little work and the guidelines I lay out every week in this blog, you can get on the road to safety and security. Remember that there is always help out there; it is not a lost cause, and it is not true that there is nothing to do about it. Look to your trusted advisors, both inside your company and outside. Security services companies can also be of help, and so can your peers, to understand what they are doing to protect themselves. All of these are good resources to get you on your way to a secure posture.