Making the case for cyber security investment

Posted by John Ryan
on 27-Mar-2019 08:07:00

43% of UK businesses experienced a cybersecurity breach or attack last year and it is thought to be more than 50% in Ireland. The average cost of cybercrime rose by over $1m last year to reach $13m per firm according to Accenture.

corporate security (3)

A single breach has the potential to irreparably damage the financial condition of even the most successful business and potentially ruin careers.

All companies are at risk, but some will be targeted more than others. For example, the Imperial War Museum suffered eight successful ransomware attacks over just three years. Hackers appear to have successfully hit the Tate four times with malware, phishing and other attacks.

It is vital that senior leaders understand that the value of protecting critical business data extends far beyond just covering assets.

How will a breach affect senior management and the organisation?

  • Reputational damage
  • Loss of consumer confidence
  • Loss of investor confidence
  • Huge fines
  • Business downtime and employees unable to work

And of course, stolen, perhaps commercially sensitive, data.

Data Protection Officer

The advent of GDPR last year, meant that certain companies such as public authorities and government departments had to employ a DPO. This made a big difference to highlighting the importance of cybersecurity investment amongst companies dealing with public data.

But for the rest of us, we are not quite there yet. Recent research from Accenture has found that 31% of companies are detecting three out of four attempted attacks compared with 8% in 2017. It’s improving, but it still leaves 70% of organisations detecting less than 75% of attacks.

No cybersecurity programme is 100% guaranteed, and a growing number of business leaders are awakening to the fact that a data breach is inevitable. In fact, we often quote John T. Chambers (former executive chairman and CEO of Cisco) who says:

“There are two types of companies: those that have been hacked, and those who don't know they have been hacked.”

Making the case for a cybersecurity investment – what to do

The first step is to carry out a security audit to see how the land lies now. You need to evaluate and prioritise your data and assets in terms of risk and value. Maybe email has the highest risk in your company. That should be where the highest level of cyber security budget goes. Or maybe you have a large number of privileged user accounts that if the wrong people got access to, could enable free reign throughout your network.

Only when you have prioritised your assets, can you determine what must be done to reduce those risks and get your cyber security protection as close to 100% as is possible. Your security spending should be based on the level of risk and importance of associated assets.

You should also consider outsourcing your cyber security. Zinopy provides a managed security service - a SIEM and SOC combination – that detects threats before they affect your network. And all for less than the price of one experienced cybersecurity engineer. Which as we all know, are hard to come by at the moment!

Watch a case study on Zinopy’s SOC/SIEM service from Cork IT.

 

Topics: SecureOperationsCentre

Written by John Ryan

John Ryan has over 25 years’ experience in the IT industry gained in high profile roles in the IT Security market with Entropy, Calyx and as founder and CEO of Zinopy. He has a breadth of technical experience in all areas of networking and security, with a particular focus on data security and enterprise risk management. John is a regular speaker at industry events.
Find me on: