Cybersecurity is a hot-button topic, and continues to pop up in mainstream industry news every time there is a large-scale failure. So why does it continue to see so little investment? The answer is unfortunately cybersecurity’s biggest hurdle.
The issue is that we live in a largely numbers- and statistics-driven period of business. Organizations naturally demand KPIs and other metrics to determine the effectiveness of various solutions. And all too often, cybersecurity comes up short.
“Is your investment in cybersecurity technology delivering an appropriate return on investment?” is a dangerous and hard-to-answer question, but an all-too-common one. 65% of CFOs are under pressure to yield ROI from technology, including cybersecurity. But unlike other fields, cybersecurity finds it hard to point to successes and financial benefits. By definition, an attack either dissuaded or defeated didn’t happen in a way that’s easily quantified.
This presents cybersecurity departments with an almost insurmountable issue: how to convince those holding the purse strings that they are of benefit to the company, and that they not only deserve but require a higher investment in order to continue performing at their best.
Benefits of healthy cybersecurity
Your cybersecurity investment can be considered justified if it achieves the intended purpose – securing your business and its digital assets, all the while complying with necessary regulations. But this is not easily expressed as a single number. There are, however, quantitative measures that can be shown:
- Around the world, a data breach cost $4.88 million on average in 2024
- Business email compromises accounted for over $2.9 billion in losses in 2023
- The year 2023 saw 343 million victims, an increase in data breaches of 72% from 2022
- Damages from cybercrime are predicted to grow to $10.5 trillion in 2025
Key performance metrics
When seeking security solutions, business leaders often look at the price tag and focus on questions such as, “Will this solution help me stop attacks?” and “Will it be easy to deploy?”
There are questions that should be asked instead of, or in addition to, these to form a more complete picture:
Cost of ownership questions:
- How work-intensive are the monitoring, maintenance and daily operations of this system?
- What staffing needs does this system impose?
- How much of my cloud resources will this security solution use?
- If not in the cloud, what hardware requirements will it have?
Risk mitigation questions:
- What impact will the system have on employee productivity?
- What are the estimated per-day costs of a business disruption caused by cybersecurity events?
- What are our expenses related to potential security breaches and their impact on the organization’s reputation, customer trust, and legal liabilities?
These questions give you a more complete picture – both of your costs, and of the potential return on investment you are getting out of what is a primarily reactive, preventative measure. Until the cybersecurity field manages to overcome the hurdle of perceived financial inefficiency and sell itself as a necessary and worthwhile investment, we will continue to see cybersecurity incidents and successful attacks propagate.