In 2014 alone, McAfee estimates that global cyber-crime accounted for losses of over $375 billion. This growing threat gives lucrative returns while providing an ideal low-risk environment for cyber criminals.
Today, no business is safe. Yet despite this emerging threat, it seems that cyber security spending has been overlooked and management of the technological and financial realms within a corporation are decidedly split.
Related Article: How to Protect Your Small Business From Cyber Attacks
The Typical CFO and a Timely Realization
This overlooking of adequate cyber security spending may be due to poor understanding of the financial implications of ignoring such a threat. Recent headlines, such as the Sony hack are great reminders of how much breaches of data can cost a company in this day and age.
Fortune recently published an in-depth article surrounding the movie studio hack and the importance of keeping an updated security system. The article explains, “experts say Sony’s electronic security probably wasn’t worse than that of many others; weak, outmoded practices are the norm at far too many companies.”
Furthermore, the article concluded that Sony had “failed to employ several basic safeguards” before the hacked occurred. Cyber security measures were not a top priority and Sony is paying dearly from the damage caused.
Other issues of misunderstanding could arise from poor communications between those inside of the technological realm to those firmly inside of the financial department. CFOs need to not only understand the importance of spending on cyber security, but know their role against it. They now are the ones that have to promote cyber security and identify emerging threats to the company.
Today it appears that following years of under- spending, CFOs are appreciating the importance of allocating their budget to security. For instance, according to a survey conducted by BDO USA of the 100 U.S. technology CFOs, two-thirds said they have increased their cyber security measures in the past year. CFO Signals surveyed 103 CFOs and 74 percent of those surveyed ranked cyber security as their top priority, while only six percent do not.
Cyber Security Spending: Appreciating ROI
While it’s important to understand and recognize the threat, it’s another to act on it. This is where the importance of ROI comes into play.
The calculation of ROI with cyber security spending presents a complex proposition where no two organizations are the same. Each being subject to drastically differing assets, IT structures and operations that may be accessed, interrupted and disrupted, resulting in low costs.
There are sweeping generalizations that should be understood by all, such as the effectiveness of including a security awareness program and employee cyber security training within an organization. Employees could be your weakest link when it comes to cyber security.
For example, under-trained employees are the largest threat to federal agencies. Therefore, employee training should be a start to cyber security. According to PWC US State of Cybercrime 2014 survey, organizations without security awareness programs report security incident costs to be four times higher than their peers.
In addition, employing cyber security measures will protect your brand reputation, which is vital to your business. Hackers today look to break that trust your organization has with the industry and public—and by employing multiple security measures, you can protect that asset.
Related Article: 5 Questions to Ask When a Security Breach Has Occurred
The Landscape of Cyber Security Today
Cyber threats have never been more advanced, nor have they evolved at such a rapid pace. Due to this landscape, cyber security is even more fluid. Although there may be a set of well-defined threats, tomorrow may present a completely new collection of challenges that must be adapted quickly. This represents an unknown and unexplored landscape, which means companies will have to be implement and enhance their security systems if they are to remain even as equally as protected as they were even weeks before.
Specifically, CFOs will need to adopt a multi-faceted approach where security is thought of holistically from every angle. Having layered security can help stop attacks before they hit the core of your organization’s data. Organizations need to limit the impact in order to protect that customer trust. What’s more than humans infamously serving as the weakest link within any technological chain, now is a more important time than ever for adequate security training and privilege abuse tracking. All of which will require CFOs continuing in their support of their fellow CTOs with the necessary budgets.
CFOs, now more than ever, not only need to see the importance but update and enhance their cyber security measures. By updating systems, training employees and allotting money to CTOs, they will protect their brand and vital customer trust. The ROIs are endless when organizations understand how damaging outdated cyber security can be.