As this year is winding down, many businesses are starting to plan and submit budget requests for the next fiscal year. With recent devastating cyber-attacks, decision makers now, more than ever, need to start incorporating cybersecurity in their financial plans.
All companies store sensitive data (whether it’s personal data for employees, customers, business operations, etc.), which means they must be willing to make an investment to increase their security. Nowadays, breaches are often more a matter of “when will they happen” than “if they happen.”
Data shows the cost of a single attack greatly outweighs the cost of preventing it. The Ponemon Institute’s 2017 study found the average cost of a data breach is about $3.62 million, and that amount doesn’t include the damage to reputation and future customer bases. Another perspective is the average cost per lost record of $158. Once a company has experienced a breach compromising its customers’ sensitive data, 64% of consumers say they are unlikely to do further business with that company. Even if the company takes steps to remediate the issue, research shows that breaches can cost retailers about one-fifth of their customers.
The faster a data breach can be identified and contained, the lower the costs. Investing in qualified and mid-level managerial personnel is important, but organizations should also invest resources into their technical positions. The 2017 Ponemon Institute study found that companies utilizing an Incident Response (IR) team can reduce the cost per record by almost half.
Close to 50% of IT professionals say their companies do not have enough support for IT security training, and more than 60% say security teams are understaffed or face a skills gap.
Additionally, over half of organizations that have experienced data breaches said the root cause was negligent employees. Hackers take advantage of people’s general tendency to want to be helpful. People are also trained to comply with authority figures, so they’re more likely to fall for attackers posing as law enforcement, top management or human resources.
To ensure cybersecurity is a core part of your business’s budget and security plan, consider the following questions. Or, complete the form at the bottom of the page to learn how Dunbar Cybersecurity can help close any gaps in your current security program.
QUESTIONS TO CONSIDER:
1. What are the organization’s most important assets, systems and applications?
To identify the items most at risk, consider which data would cause the most damage to the organization if compromised. Categorize information and systems based on their potential impact to understand where the threats lie.
2. What are the threats and vulnerabilities that could compromise those assets?
Develop a process or system to regularly review sensitive and critical assets. Also ensure the current protocols are not causing employees to work around the security to get their job done, which could be creating new risks at the same time.
3. What protections are currently in place for those assets and are they configured properly?
This is a good time to go through and make sure all security updates have been installed and all patches have been downloaded. Leaving endpoints unprotected can allow hackers to easily access sensitive data, or worse: your entire network.
4. What do I need to invest in to better protect those assets?
While checking that the current security measures are up to date, make note of any areas that could use additional support or are lacking support altogether. These factors will be important to address to ensure your data and company are fully secure.
5. When was the last time employees completed cyber awareness training?
Technology systems can only do so much if employees are not properly trained on security protocols. Educate employees on phishing scams and other social engineering ploys hackers attempt to use to gain access to a network.
While the questions above are great to get the conversation started, it is not uncommon for leadership to question the merits of a comprehensive cyber solution when their organization has yet to encounter a breach. Information Security Executives (ISEs) need to demonstrate how a strong cybersecurity program can acquire and retain customers, improve market performance, drive company growth, and cut operational costs. Only when security adopts the language of the business world will ISEs be taken seriously.