It is very common to look at Cybersecurity as simply a cost. It costs money to secure computers, tablets, servers, and any other devices you have with an OS at this point. But Security Cost goes beyond the cost of the individual components of security. London Security is going to briefly lay out some of these costs, and in the next several weeks go deeper into individual costs that can be damaging in the case of a breach.
Security Engineers - Certainly a cost that is relevant. The employees you need to manage security architecture, or the outside engineering resources you are paying for to cover that avenue of your security both have costs.
Audit Cost - The cost of an Audit to verify security components should also be included in your security cost analysis.
And those are just some of the physical costs associated with the technology purchase. What really should be concerning is the opportunity cost - the cost of doing nothing in these scenarios.
Reputation Cost - Companies live and die by their reputation. Who would want to use a bank that's prone to having security breaches? No one.
Fines - New laws and regulations have increased the cost of a breach, down to the point where there is personal liability to Security Officers or the board of trustees in the case of a larger breaches.
Repair Cost - The cost to analyze the weaknesses in your security, the cost of improving your security in a heightened situation is going to cost more than proactive solutions.
Insurance Increases - If you've had a breach, your insurance rate is going to go up. That is a given.
Insurance Claim Denial - This is a less known issue, but the way Cybersecurity Insurance contracts are set up, they assume a base level of protection that they lay out in the contract. If they find evidence that an organization is not meeting that standard, they will deny your claim - and if it later comes out (say if there is a lawsuit from consumers) that there was any kind of vulnerability that the "insured" knew about and did not fix an issue - they will potentially look to go after their client for the claim considering it fraudulent.
And... there are some others I can go into over the next several weeks. But as a good start to this conversation, consider your company's current Security Costs.
What are you spending money on today?
What budget are you requesting for the future?
Are you considering the growth of the threat landscape for the next 5 years?
Are you looking into the cost of replacing physical security components (security engineers leaving the organization, etc.) in the course of your calculations?
These are all important things to consider when looking at the cost of Cybsersecurity.