Invest in Cybersecurity Now to Save Money Later

Spend Now to Save Later Graphic
Spend now to save later. This concept sounds counterintuitive, but think about the situations where you take it for granted: You spend a couple hundred dollars to change your brake pads now so you don’t have to fork over several hundred for repairs when the braking system fails. You shell out a copay for a trip to the dentist so you don’t have to spend several hundred dollars (or even a couple thousand) on a root canal later. You pay a few thousand dollars to fix a crack in your home’s foundation so you don’t have to spend tens of thousands to repair a sunken house a few years down the road. The same concept applies to cybersecurity. By investing in cybersecurity preparedness now, you could reduce — or even avoid — remediation costs later.

The Cost of Cybersecurity Response vs. Prevention

Experts generally agree that global total cyber crime damage costs will surpass $6 trillion annually by 2021. That’s about a third of the current U.S. national debt and a 100 percent increase from 2015. The cumulative cost of cyber crime dwarfs the corresponding amount that will be spent on cybersecurity from now until 2021 — about $1 trillion. Clearly, there’s been a greater emphasis on detection and response than preparedness and prevention. Are you guilty of the same thing?

What Target and Equifax Teach Us

Target’s infamous breach from 2013 is instructive here. In early 2015, the company agreed to pay individual victims up to $10,000 in damages and was forced to adopt long-overdue, basic data security measures. Many people thought the company got off relatively light (despite sacrificing its CIO and CEO in the process).

From a financial perspective, you might have concluded from Target’s experience that investing in cybersecurity really was a waste of money compared to saving the extra resources, perhaps to cover the cost of a breach should one ever occur. (For most companies, particularly smaller ones, this is a luxury they cannot afford.)

Now an additional three years removed, we know that the lingering costs of the breach continued to balloon, eventually surpassing $300 million. Not only that, but the brand experiences several harder-to-quantify costs: damaged brand equity, loss of customer loyalty and diminished company reputation. As the public becomes more cognizant of the role played by companies in their success or failure at safeguarding consumer data, expect the impact of these intangible costs to increase exponentially.

Finally, fast-forward to 2017. The infamous Equifax data breach drew considerably more public ire than the Target case just four years prior, reflecting increasing awareness on the part of the individuals affected. It would also prove to be the most expensive data breach in history, with costs exceeding $439 million through the end of 2017 and expected to climb as high as $600 million before the dust settles. The Equifax case demonstrates that:

  • The cost, in real dollars, of data breaches is climbing quickly.
  • The cost in terms of reputational damage and consumer backlash is becoming more real.

How to Respond Rather Than React

Put yourself in the place of these companies. If you suffered a massive breach, would your actions and resource allocation before the fact indicate that you had taken data security seriously? If the answer is no, consider the lasting costs inflicted on your company: lost revenue, damaged brand equity, loss of customer loyalty and diminished company reputation. That’s not to mention the very real impact on those individuals directly affected by the data breach itself.

Over the long term, the cost of prevention far outweighs the cost of response. Because cyber attacks are inevitable, both prevention and response are ultimately necessary, but the key to reduced costs is understanding the long-term risk to your businesses and allocating your resources accordingly. These steps are a good starting point:

Rather than waiting for a crisis to hit and reacting in the moment, take proactive steps to prepare your business for a cyber attack. Invest in proven prevention methods, tools and services now so it doesn’t cost you later.

No comments:

Post a Comment

Popular Posts