You never thought your company would be the target of a cyber attack. You’re a small, relatively obscure company with only a few dozen employees, and judging by your balance sheet, you don’t think you represent a big target for a hacker.
As such, you don’t invest in adequate cyber defenses because you can’t justify spending that kind of money for something that you’ll probably never need.
Then, it happens. You’re hit with a ransomware attack and your entire company is locked out of your internal IT systems until you pay a hefty ransom, or your customers say their credit cards have been compromised and spending with your company is the common denominator.
Now, you wish you listened to your IT experts or your managed service provider when they said you needed to invest more in cybersecurity.
While there isn’t a true return on investment when it comes to cybersecurity, these technologies can help save your business a lot of trouble, says MJ Shoer, senior vice president and executive director of the CompTIA Information Sharing and Analysis Organization.
“If you do nothing and get breached, and you go out of business – there’s a huge ROI,” Shoer says.
Cybersecurity can help protect your pocket book
Cybercriminals have the benefit of always being one step ahead of cybersecurity solutions, and they’re always evolving and adopting new attack methods that cybersecurity experts have yet to encounter.
It’s one of the biggest risks of doing business these days, and you must prepare for it by layering security solutions. If you don’t you could pay a big price.
“A breach can put any business out of business,” Shoer says.
According to an IBM study of 500 global organizations and interviews with more than 3,200 security professionals, the average cost of a data breach is $3.86 million.
IBM found that advanced security technologies like artificial intelligence, automation, machine learning, analytics and others can help your business save money in the event of a breach. Specifically, that’s a cost-saving difference of $3.58 million for companies with fully-deployed security automation versus those without.
In addition, incident response preparedness can help keep costs low when responding to a data breach. Companies with neither an incident response team nor plans saw an average of $5.29 million in breach costs, compared to $2 million at companies that have both an incident response team and simulations.
Cybersecurity can help protect your time
Other attacks, like ransomware, can keep your company offline for days or weeks until a ransom is paid. This has the doubling effect of lost business due to your company’s inability to log into its core systems and a large lump sum to release your company from the attacker’s grip.
According to cybersecurity company Coveware, the average cost of a ransomware attack last year was $84,116, although some ransom demands have been reported to be as high as $800,000.
In the same report, Coveware said the average downtime for a company that suffered a ransomware attack was 16.2 days.
And, it can take days or weeks to complete a forensic analysis of a data breach, taking your employees away from other activities that actually make your company money.
So, while there isn’t a quantifiable return-of-investment of cybersecurity solutions, there is instead a lot of headache saving.
Cybersecurity can protect your reputation
Companies that suffer a large data breach or compromise also risk doing harm to their reputation if they aren’t equipped with adequate cybersecurity tools.
This is evident especially at public companies. Take SolarWinds, for example. The IT management software company was the target of a sophisticated attack in which hackers compromised an update of one of the company’s key products and created a backdoor into the IT environments of nearly 18,000 customers.
The effect on the company’s reputation was disastrous. Numerous headlines quickly appeared about the company’s lackadaisical approach to its own cybersecurity, but that was after the company’s stock price dipped to a low of $14.18 after trading for $23.55 before the breach was disclosed.
Now there are questions about if the company can hold onto its customer base and continue to grow, Shoer says.
“If you’ve been going to a local dentist and you find out they’ve been breached and your credit card information has been exposed, chances are you’re doing to a different dentist,” Shoer says. “The reputational harm is tremendous.”
No organization is immune
These days, no one organization is immune to cyber threats. Attackers have shown an ability to target different kinds of businesses in different sectors in a variety of different markets.
Even though large companies like SolarWinds with the IT knowledge to prevent these attacks get hacked, this doesn’t mean you shouldn’t invest in the protection of your own company.
Why invest money in cybersecurity when you don’t stand a chance? Because you still lock your doors and set your alarm at night even though you know neither is going to prevent someone from breaking in if they’re determined, Shoer says.
“But you still do it because you try to make it as difficult as possible so they give up when they’re trying,” Shoer says. “That’s what it’s all about.”