Businesses are still viewing cybersecurity as an additional cost rather than a necessity. As a result, they are reluctant to free up their budget and spend on the business’s security. Certainly, they don’t realise how much more cash recovering from a cyber incident costs a business, after they get hacked.
Some of the key issues facing businesses today are cyberattacks such as ransomware, business email compromise (BEC) scams and data breaches. But many boardrooms are still holding back from investing in security even though there are number of high-profile incidents and their expensive fallout in the news. In other words, they are holding back from implementing necessary cybersecurity and are more than likely participating in risky behaviour that could see the business become the next victim.
Above all, some organisation don’t fully understand the cost of falling victim to a major cyber incident like a ransomware attack until it’s too late and they’ve been hacked. And often don’t realise it is more cost effective to invest in people and procedures that can stop an incident.
Chris Wysopal, co-founder and CTO of cybersecurity company Veracode says that “organisations don’t like spending money on preventative stuff. They don’t want to overspend…so they wait for them to be hacked, and then they have the big expense of cleaning it up.”
Not until an event has happened do businesses understand the financial impact, realising they could have spent less if they had prevented the attack. Chris Wysopal, states “a lot of organisations are going through that right now”.
For instance, the business may need to outlay large sums of money when there is an incident, such as:
- Paying thousands – to millions of dollars to ransomware criminals for the decryption key for an encrypted network
- investigating, remediating, and restoring the IT infrastructure of the whole business after the incident.
And if the business doesn’t have cyber insurance, the ransom amounts alone could definitely pay for many a cybersecurity expert. Cyber insurance premiums are also set to rise as the ransomware threats continue to increase.
Also due to the high demand for employees with the required skills retaining and hiring staff may pose an issue in future. Even for those businesses who have invested in cybersecurity strategies.
Wysopal believes, while the supply and demand issue aren’t going to be solved overnight the long-term investment in cybersecurity is vital. For example, upskilling the workforce in cybersecurity to help protect organisations from attacks. “Cybersecurity could become part of every IT or computer science students’ training whether it’s building and managing systems in an IT environment or building software,” he explained.
If organisations have a small budget, the staff that have at least had some training in cybersecurity can help organisations, with their understanding of cybersecurity and the importance.
Wysopal has initiated talks with several colleges in the hopes of making cybersecurity part if the computer science curriculum.
