Latest Trending
Last Updated, Sep 12, 2021, 5:55 PM
Budgeting for Cybersecurity Requires a New Approach
Share This


When a country sends its army to war, it does so based on a plan to win, not on fitting a predetermined budget.

But when it comes to the virtual cybersecurity battlefield, CFOs too often take the opposite approach, leaving their companies unnecessarily exposed. Their spending on cyber defense is shoehorned into a rigid budget plan rather than guided by a genuine assessment of security needs.

Cybersecurity spending needs to be treated differently because of the excessive damage that a successful attack can inflict. A million dollars saved now can easily cost $25 million later when a ransomware attack breaks through a company’s defenses or a phishing attempt results in a leak of sensitive customer data. Even if a company has cyber insurance to mitigate the direct financial costs, a successful attack can still lead to major reputational damage, lost customers, and hefty legal fees.

That is hardly a theoretical risk. Cyberattacks are surging in the wake of the pandemic, and the work-from-home phenomenon has created more vulnerabilities. The FBI’s Internet Crime Complaint Center received nearly 800,000 cybercrime complaints in 2020, with reported losses exceeding $4.1 billion, up from $3.5 billion in 2019. This year there has been no let-up. The August 2021 breach of 50 million T-Mobile customers’ data by a 21-year-old hacker shows that even large, sophisticated companies aren’t immune.

Recipe for Failure

In this environment, managing cybersecurity to a budget is a recipe for failure. Just because cybersecurity spend was $1 million last year doesn’t mean it should be 5% higher this year in line with the traditional budget approval process.

The right approach for company leadership is to put budget considerations aside and first evaluate what’s needed to protect against cybersecurity threats. The starting point should be assessing risk, not establishing a dollar-spending figure. Of course, all companies have limits on how much they can allocate to cyber defense. Still, the risk-first approach allows a company to consciously decide which threats are acceptable versus leaving the company open to potentially crippling attacks.

Three Key Areas

There are three key areas where executives should be evaluating risks and the budget needed to cover them: people, technology, and processes.

People

Having the right personnel is perhaps the most crucial element of cyber defense. There’s a tendency for executives to assume that they don’t need to invest as much in people because they have cybersecurity tech products. But the tech is only as good as the people who configure and monitor it and know how to respond to threats as they occur. Protective processes, such as ensuring access for departing employees is eliminated or new servers are secured, need a strong team to carry them out. Companies need to have the right mix of strategic cybersecurity leaders and engineers and supplement that team with third-party consultants as necessary.

Technology

The hundreds of cybersecurity tech solutions on the market represent both a blessing and a curse. They give companies great options for protection and monitoring, but they also raise the risk of overspending and creating unnecessary overlap among products. The solution is for the CFO and IT leaders to whiteboard the tools needed to address critical risks and budget accordingly, rather than being tempted by sales pitches. The goal should be to create a dashboard that brings vital information from the tools together and enables leaders to monitor critical threats and processes in real-time.

Processes

A cybersecurity budget should account for the processes needed to secure systems properly. Both IT specialists and non-IT staff need to know what procedures to follow in terms of everyday cyber hygiene and in the event of an urgent incident. A budget needs to be set to ensure that solid processes are in place for activities such as backing up data and securing laptops, as well as dealing with a compromised password or an accidental data leak.

Once the risk outlook has been thoroughly evaluated, companies can start to put together the right-size budget to address potential threats and put themselves in a strong position to win the cyberwar.

Raj Patel is a partner at Plante Moran. He leads the cybersecurity practice. 

budgeting, cyber risk, cyberattack, T-Mobile

24World Media does not take any responsibility of the information you see on this page. The content this page contains is from independent third-party content provider. If you have any concerns regarding the content, please free to write us here: contact@24worldmedia.com

Latest Post

4 Advantages of Owning Your Own Dump Truck

Last Updated,Oct 4, 2024

5 Characteristics of Truth and Consequences in NM

Last Updated,Sep 30, 2024

How To Make Your Wedding More Accessible

Last Updated,Sep 11, 2024

Ensure Large-Format Printing Success With These Tips

Last Updated,Sep 11, 2024

4 Reasons To Consider an Artificial Lawn

Last Updated,Sep 11, 2024

The Importance of Industrial Bearings in Manufacturing

Last Updated,Sep 11, 2024

5 Tips for Getting Your First Product Out the Door

Last Updated,Sep 11, 2024

Most Popular Metal Alloys for Industrial Applications

Last Updated,Sep 6, 2024

5 Errors To Avoid in Your Pharmaceutical Clinical Trial

Last Updated,Aug 20, 2024

Ways You Can Make Your Mining Operation Cleaner

Last Updated,Aug 12, 2024

Tips for Starting a New Part of Your Life

Last Updated,Jul 16, 2024

Easy Ways To Beautify Your Home’s Exterior

Last Updated,Jun 18, 2024