The battle for business buy-in: Three ways to justify your IT security spend

Maxim Frolov, Vice President of Global Sales at Kaspersky Lab

Proving ROI in IT security has traditionally been a struggle for IT professionals, who need to balance budget limitations while constantly fighting to stay ahead of the dynamic threat landscape. However, businesses are now starting to treat IT security as an investment, rather than simply a cost-center – according to a recent Kaspersky Lab report[1].

 

1. Costly cybersecurity incidents are affecting current and future business operations

Businesses of all sizes and industries are realising that they have to prioritize cybersecurity spend. Enterprises are now spending almost a third of their IT budget (£6.9 million) on cybersecurity and budgets are expected to rise over the next three years across all segments. Both SMBs and Enterprises predict they will spend up to 15% more on cybersecurity over this period.

Why? Because the consequences of a cybersecurity incident can spread far and wide. WannaCry stopped the production lines of five Renault factories, while ExPetr disrupted business operations at Maersk, the world’s largest container ship and supply company, resulting in losses of between £155 million and £250 million.

Along with undermining current business operations, cyberthreats are also impacting future-focused initiatives. Digital transformation and business mobility require organizations to operate a growing IT infrastructure, meaning they often lack visibility into their hybrid clouds. Consequently, data is being put at risk of compromise or even encryption. The Zepto ransomware, which was spread via cloud storage apps, provides a prime example of this threat in action.

Moreover, the costs of dealing with the consequences of a cybersecurity threat are on the rise – due to factors such as having to hire external consultants, acquire new software, deal with PR risks and litigations, etc.

With costs rising and crucial business operations being put at risk, it’s no surprise that top management is now getting involved in the cybersecurity provisioning debate. But it’s not just their own infrastructure that they have to be thinking about.

 

2. Even if your corporate perimeter is protected, you cannot be so sure about your suppliers

It’s important to understand that a breach can happen even if the business’s own corporate network has the necessary level of protection — through supply chain attacks or breaches resulting from vulnerabilities in legitimate third-party software.

We saw the groundbreaking breach of American retailer Target, when criminals gained access to the company’s network credentials through its ventilation and air conditioning vendor. This was followed by the Equifax breach, in which the company was hacked through a vulnerability in legitimate open source software. The hackers gained access to databases, stealing 145.5 million accounts with crucial client data such as names, social security numbers, dates of birth, addresses and even credit card numbers.

For enterprises, data protection remains a critical issue even if a threat is somewhere outside the corporate perimeter: data breaches resulting from incidents affecting the suppliers that businesses share data with cost them up to £900,000 million on average.

And, with data being stored in multiple locations, cybersecurity becomes a significant challenge.

 

3. Business data must be protected, wherever it is

It’s no secret that cloud services offer many benefits to businesses, from taking advantage of a more efficient mobile workforce, to reducing infrastructure costs and optimizing business operations. As such, 73% of SMBs use at least one SaaS hosted business application, while 45% of enterprises have either already raised or are planning to grow their use of hybrid cloud in the next 12 months.

However, as businesses move more and more data to the cloud, they often end up losing visibility of their data exposure. Data ‘on the go’ that is actually stored outside of the corporate data center — e.g. in third-party IT infrastructure — is presenting businesses with new security issues and new costs. The most expensive incidents over the past year were related to cloud environments and data protection issues. For example, for SMBs, two-thirds of the most expensive cybersecurity incidents are related to the cloud, and failures of third-party hosted IT infrastructure result in an average £140,000 loss. That’s why it is so important to consider a dedicated level of cybersecurity when moving workloads to cloud platforms.

[1] “On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives”, 2018

 
