Retainers And Your Security Posture

It is important to note the need for retainer arrangements in a good security posture. Several years ago I worked with a company that provided security services and products. It was a large company calling on large clients. We had another division within the company that did things like security mitigation, threat response, and threat monitoring, and they offered these services on an as-needed basis as well as in a retainer arrangement.

The cost of the retainer arrangement, as you might expect, was about a third to one-quarter of the cost of calling on their threat response service with no contract and asking them to respond to a problem immediately. This fact was not always enough to persuade clients to buy into their services.

Retainers Save Money

The thought is that it is not going to happen to me. I will not get hit by a major cybersecurity breach. I am prepared for this. If I do get attacked, I will be able to handle it. Unfortunately, the facts say otherwise. I write about this extensively in my upcoming book titled “One False Click: How To Protect Yourself In The Coming Cyber War.” I talk about the facts on the ground. The Cisco Systems annual Cybersecurity Report surveyed executives and IT professionals worldwide and found that 38% of companies that suffered a cybersecurity attack saw a 20% loss in revenue. This is a significant loss, and for some companies it may even be the end of the company.

The Ponemon Institute reported that there is a 43% chance of a security breach in a given year. This does not bode well for avoiding a cyber-attack. Your chances are almost a certainty as you start adding up the years.

Another Kind Of Retainer

So let’s look at another kind of retainer: fire insurance. What are the chances of your headquarters building burning down in a given year? I am not sure of the exact number, but it’s a lot less than 43%. If it were that high, you would be able to look out across your city’s skyline and see buildings burning all over the place. In fact, if cyberattacks gave off a visual indication like smoke, there would be a lot of smoke out there.

We would never even consider going without fire insurance, and rightfully so. But we do take cybersecurity protection for granted sometimes. It is understandable, since it is not so obvious, it happens in the shadows, and it is relegated to the technical specialists in the IT field. But it should not be like this. It should be something that we confront at all levels of management on a daily basis. And we should be considering some type of ongoing arrangement to deal with this ongoing problem. This is why cybersecurity retainer arrangements are so valuable.

Being able to pick up the phone anytime and anywhere and have a trusted advisor assist in making those critical decisions is so important. Who would you call to determine what to do in the latest ransomware attack? Are you sure all your bases are covered? Who do you discuss your latest IT cybersecurity specialist hire with? How would you write a job description and list of goals for a new CISO? These are the kinds of things a trusted advisor on retainer can help you with. Any one of these items could easily pay for itself.

