Budgeting for cyber security - count the costs

ONE of the hallmarks of a successful cyber security strategy is a business that does not fall victim to damaging cyber attacks which costs money (and face). This makes it difficult to measure the return on investment in cyber security solutions, because success is demonstrated through the absence of something rather than the generation of business income. This can make it tough for chief information security officers (CISOs) to make a compelling business case for bigger cyber security budgets.

Oftentimes, it is also a challenge to prioritise or determine which cyber security solutions are working and which are superfluous. This is especially tricky given the disruptions brought about by Covid-19 in the past few months. Organisations are dealing with unprecedented levels of change, and are likely to take on a more vigilant and cautious approach to spending as they figure out how to adapt to the new normal.

One way to effectively budget for cyber security is to attach real numbers to hypothetical situations. Determining how much a successful breach could cost the organisation is a compelling way to demonstrate the value of the technology that prevents that breach from occurring.