The Harvard Business Review has finally put words on thoughts I have been walking around with for the last year – “How come the documented cost of cyber attacks exceed the expenditure on cyber security by a factor of five or more?”
Cyber Security Ventures predict an accumulative spending of $1 trillion on cyber security in the next five years (2017-2021), while the annual cost of cyber related crime is predicted to be $6 trillion by 2021.
The reason is simply that the ROI calculation of the investment in cyber security versus the potential cost of breach is too complicated. Working out the likelihood of breach, the cost of remediation, data-loss, reputational impact, morale impact, sales impact, actual losses, productivity loss, loss of intellectual property is a multi-dimensional equation hard to solve for even the best mathematicians. This ultimately leads decision makers to go with their gut and their frugal shareholder strategy forcing them toward short-term profit management.
The full article from HBR can be found here.
Typically organisations with genuine concerns about cyber security those that have already suffered a cyber attack. We recently spoke to a customer who was on their fourth ransomware clean up – to say that they now appreciate the value of cyber security is an understatement and consequently they are on a journey of improving that security posture across the board.
Frankly organisations should know better. Even though the full equation might be too hard to work out, their gut should tell them that this should be an area of focus. All IT directors and board members need to do, is to pick up a newspaper or turn on the TV where there are an abundance of cyber breach stories. Many senior stakeholders in businesses might appreciate that there is a grave threat of cyber-attack, but they still refrain from asking for a review of the cyber security strategy. This is most likely because they know that it will require investment, which goes against the aforementioned strategy of most businesses.
In the meantime, at Cybanetix we continue to work with customers to understand their challenges, while designing solutions and services that deliver the greatest protection for the least effort and cost. Visit Cybanetix.com to get an understanding of how our security eco-system addresses cyber security challenges. Better still, contact us to discuss how we can potentially help your organisation.