Cybersecurity: The New Cost of Doing Business
Businesses can’t afford to put-off cybersecurity any longer.
As any business executive knows, there are certain expenses a business must undertake in order to function properly. That often includes paying employees, providing benefits, leasing a space, and other expenses. In today’s environment, businesses need to consider the cost of protecting itself from cyber threats such as hacking, phishing, and malware.
So what does this new cost center look like? To understand this fully, businesses can look at related expenditures through four lenses: hard and soft costs, and short and long-term costs. Let’s take a closer look at each.
Cybersecurity Hard Costs
Hard costs can include a variety of items, including (but not limited to) hardware costs such as firewalls, but also the cost of hiring a cybersecurity firm to help get IT infrastructure up to speed, as well as to maintain it. Developing a budget for this can be challenging, as there are many factors that can influence how much protection a business needs based on size of the firm, the complexity of existing IT infrastructure, the type of information the business stores, among others.
Cybersecurity Soft Costs
Cybersecurity soft costs typically refer to the opportunity cost of not protecting a business. As we mentioned previously, Target’s Q4-13 sales fell by a whopping 46 percent after experiencing a massive attack where more than 40 million customers had their credit card information stolen. This type of cost is very challenging to predict; the size and scope of a successful attack may vary, as do the losses generated as a result of such an attack. Will a company lose only 10 percent of its customers, or maybe 60 percent, as a result of an attack? Not being able to plan a budget for soft costs solidifies the business case to increase the hard cost budget in order to prevent paying larger costs in the event of an attack.
Cybersecurity Short-term Costs
Similar to hard costs, these types of cybersecurity costs can be relatively predictable, making it easier to budget for them. That said, it shouldn’t be surprising to learn that many businesses avoid higher short-term cybersecurity costs, usually to the detriment of long-term savings. Businesses have many stakeholders who mainly care about the bottom line. While no one would expect a small business to spend more than what it can afford to protect itself, not investing sufficiently in the short-term often increases long-term overhead.
Not all short-term costs are predictable, though, such as the immediate impact a cyber-attack has on a business. These types of short-term costs can often lead to long-term losses if not corrected or mitigated appropriately.
Cybersecurity Long-term Costs
Long-term cybersecurity costs can include ongoing cybersecurity support. They can also refer to the long-term costs of a successful cyber-attack. If an attack or breach causes a business a loss of reputation or goodwill with its customers, the cost of these losses may not be apparent for many years. Aside from ongoing security costs, planning for the long-term impact of soft costs are challenging to forecast.
No matter how you look at costs, the truth is that nearly all businesses require some sort of cybersecurity expenditure in order to prevent a major (or minor) cyber-attack and to ensure continued operations in the event of a security breach. In today’s world, where cyber-threats are global and can come from almost anywhere, there is likely not a single business that is at risk of an attack, making investments in cybersecurity an essential part of any business budget.
If you wondering if you need better cybersecurity, you probably do. Find a qualified partner to help ensure your company’s digital security, by checking out our directory of cybersecurity product and services companies. Reach out to some of the most qualified cybersecurity professionals in the world located right here in Maryland, the birthplace of cybersecurity.