As a company that provides cybersecurity services to different types of businesses, both in size and industry, it’s always interesting to see the repeat questions executives have and the consistent challenges IT security executives face in talking about security to the board.
A recurring theme that always grabs the attention of both CEOs and CIOs are data breach costs. However, it’s only helpful if one can create a connection between those costs and a well-rounded cybersecurity posture. Common ground is what can get both sides to be on the same page and take the next steps to improve cybersecurity across the organization.
A look at CISCO’s 2017 Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches And The Actions That Organizations Are Taking can be a great starting point. CISCO’s report provides insights gathered from 3,000 CSOs and other security leaders from businesses in 13 different countries.
The first cost repercussion following a breach that the report highlights is public scrutiny after a security breach. The study finds that 50% of organizations face public scrutiny as a consequence of breach; and that their operations and finance systems are most affected, followed by brand reputation and customer retention.
- In 2016, 22% of breached organizations lost customers and from that percentage: 40% lost more than a fifth of their customer base.
The common ground for CEOs and CIOs here is that neither wants to look back and know they didn’t do enough to prevent breach. This is important as you face public scrutiny because if you didn’t do everything that was in your power to prevent breach it will come out as you face those tough questions by the media, stakeholders, and customers.
Another impact to organizations (after a breach) is revenue. While revenue is something organizations hear about all the time when talking about cybersecurity and breach, the lost business opportunities component doesn’t get highlighted enough.
- CISCO reports that in 2016, 29% of businesses lost revenue, with 38% of that group losing more than a fifth of their revenue; and that 23% of organizations lost business opportunities, with 42% of them losing more than a fifth of such opportunities.
When a potential business investor or partner asks you if you did everything in your power to prevent breach and/or if your cybersecurity goes beyond compliance requirements; your answer will make all the difference.
Once CEOs realize that they are actually losing business opportunities, like business partnerships, for not implementing necessary cybersecurity measures; CIOs could have an easier time getting executives to allocate resources in areas that are causing them to remain average with their cybersecurity posture.
- CISCO’s report shows that the biggest barriers to CSOs advancing their security postures include budget constraints, poor compatibility of systems, and a lack of trained talent.
- Furthermore, the study also reveals that IT security leaders find their security departments’ environment increasingly complex (with nearly two thirds of organizations using six or more security products, some even more than 50), which increases the potential for security effectiveness gaps and mistakes.
Having the expertise necessary to manage the security products used by an organization for cybersecurity is part of the problem; as is not providing more assistance budget wise, so that IT security leaders can take the necessary steps to go beyond basic cybersecurity measures.
When you look at the areas affected by breach you find that all of them require a holistic approach to cybersecurity. Security goes beyond having one security leader on a team, it goes beyond security products, and it goes beyond solely implementing compliance requirements.
The costs of breach are what’s on the surface, below the surface you find public scrutiny, loss of business partners for not doing more, and an overwhelmed IT security leader and team.
If you have any concerns with how you can improve cybersecurity for your organization, manage breach to reduce costs and fill the gaps that come with a lack in security expertise; give us a call.
We’re here to help, so please schedule your free consultation and get ahead of your risks!
Photo Courtesy of buttet