Demonstrating ROI on cybersecurity is notoriously difficult, and that difficulty is one of the reasons we see so many breach stories in the news: breaches that affect companies large and small, and that also target governments and their organizations.
The reason it is so hard to determine ROI on cybersecurity is that it rests on hypothetical situations. It’s hard to say how many breaches might have happened if you didn’t have cybersecurity policies and products in place. Perhaps we need to re-evaluate how we look at ROI. Perhaps there are other metrics that should be considered, like stock value and public confidence.
Think back to the Equifax breach in 2017. Former CEO Richard Smith blamed the breach on an IT tech, but it was Smith who had to testify before the Department of Homeland Security's Computer Emergency Readiness Team (CERT). It was CEO Smith who lost his job. After Equifax disclosed news of the breach, its stock dropped by 31%. While the stock has recovered somewhat, investors are still wary, with Financhill’s blog advising investors not to buy or sell Equifax stock. That drop also doesn’t include any of the costs associated with legal fees, regulatory fines and ongoing credit monitoring for the victims of the breach. Since the breach disclosure, I can’t think of a single person in my circle who would want to use Equifax’s services.
When security is done right, nothing happens. When nothing happens for long enough, it’s easy to begin to wonder if the expense is worthwhile. That is a silly thought when you consider that nobody questions the ROI of putting locks on the door. The reality is, when a breach does happen, stock prices fall and consumer confidence fades. Couple that with steep regulatory fines, and a breach could put your company out of business. The cost of doing nothing is just too great to risk.