Why Cybersecurity Is Such a Wise Investment
Investing in cybersecurity solutions will save your organization money and time, as well as protect your reputation.
You never thought your campus would be the target of a cyber attack. You’re a small, relatively obscure organization, and you don’t think you represent a big target for a hacker. As such, you don’t invest in adequate cyber defenses because you can’t justify spending that kind of money for something that you’ll probably never need.
Then, it happens. You’re hit with a ransomware attack, and your entire organization is locked out of your internal IT systems until you pay a hefty ransom.
Now, you wish you listened to your IT experts or your managed service provider when they said you needed to invest more in cybersecurity.
While there isn’t a true return on investment (ROI) when it comes to cybersecurity, these technologies can help save your organization a lot of trouble, says MJ Shoer, senior vice president and executive director of the CompTIA Information Sharing and Analysis Organization.
“If you do nothing and get breached, and you go out of business – there’s a huge ROI,” Shoer says.
Cybersecurity Can Protect Your Pocket Book
Cybercriminals have the benefit of always being one step ahead of cybersecurity solutions, and they’re always evolving and adopting new attack methods that cybersecurity experts have yet to encounter.
It’s one of the biggest risks of doing business these days, and you must prepare for it by layering security solutions. If you don’t you could pay a big price.
“A breach can put any business out of business,” Shoer says.
According to an IBM study of 500 global organizations and interviews with more than 3,200 security professionals, the average cost of a data breach is $3.86 million.
IBM found that advanced security technologies like artificial intelligence, automation, machine learning, analytics and others can help your organization save money in the event of a breach. Specifically, that’s a cost-saving difference of $3.58 million for companies with fully-deployed security automation versus those without.
In addition, incident response preparedness can help keep costs low when responding to a data breach. Organizations with neither an incident response team nor plans saw an average of $5.29 million in breach costs, compared to $2 million at organizations that have both an incident response team and simulations.
Cybersecurity Can Protect Your Time
Other attacks, like ransomware, can keep your organization offline for days or weeks until a ransom is paid. This has the doubling effect of lost business due to your organization’s inability to log into its core systems and a large lump sum to release your campus from the attacker’s grip.
According to cybersecurity company Coveware, the average cost of a ransomware attack last year was $84,116, although some ransom demands have been reported to be as high as $800,000.
In the same report, Coveware said the average downtime for an organization that suffered a ransomware attack was 16.2 days.
And, it can take days or weeks to complete a forensic analysis of a data breach, taking your employees away from other activities, such as teaching students, treating patients and protecting the campus community.
So, while there isn’t a quantifiable return-of-investment of cybersecurity solutions, there is instead a lot of headache saving.
Cybersecurity Can Protect Your Reputation
Organizations that suffer a large data breach or compromise also risk doing harm to their reputation if they aren’t equipped with adequate cybersecurity tools.
This is evident especially at public companies. Take SolarWinds, for example. The IT management software company was the target of a sophisticated attack in which hackers compromised an update of one of the company’s key products and created a backdoor into the IT environments of nearly 18,000 customers.
The effect on the company’s reputation was disastrous. Numerous headlines quickly appeared about the company’s lackadaisical approach to its own cybersecurity, but that was after the company’s stock price dipped to a low of $14.18 after trading for $23.55 before the breach was disclosed.
Now there are questions about if the company can hold onto its customer base and continue to grow, Shoer says.
“If you’ve been going to a local dentist and you find out they’ve been breached and your credit card information has been exposed, chances are you’re going to a different dentist,” Shoer says. “The reputational harm is tremendous.”
No Organization Is Immune
These days, no one organization is immune to cyber threats. Attackers have shown an ability to target different kinds of businesses in different sectors in a variety of different markets.
Even though large companies like SolarWinds with the IT knowledge to prevent these attacks get hacked, this doesn’t mean you shouldn’t invest in the protection of your own organization.
Why invest money in cybersecurity when you don’t stand a chance? Because you still lock your doors and set your alarm at night even though you know neither is going to prevent someone from breaking in if they’re determined, Shoer says.
“But you still do it because you try to make it as difficult as possible so they give up when they’re trying,” Shoer says. “That’s what it’s all about.”
This article originally ran in CS sister publication MyTechDecisions.com and has been edited. Zachary Comeau is TD’s web editor.