Building Effective Business Cases to Cover Cybersecurity Costs

With the global average cost of a data breach totaling $3.86 million in 2020, the topic of security continues to be a major pressure point and a board-level agenda item. So why do security programs still seem to lack adequate funding, urgency and support until a breach or lawsuit occurs or auditors demand change? Verizon’s 2021 Data Breach Investigations Report analyzed 29,207 incidents, of which 5,258 were confirmed data breaches compared to 3,950 confirmed data breaches in 2020. This means more executives are going to wish they spent more time, attention and resources on this area, but might still balk at cybersecurity costs. 

According to Forrester, 60% of 679 global enterprise security decision-makers who sit in IT and have the seniority level of manager, director or vice president increased their IT budget for security in 2020, which is an improvement over past years. But Forrester also says businesses or agencies “with lower budgets tend to lack the visibility, expertise and situational awareness to identify that attackers have gained a foothold in the environment”. This helps explain why the average time to spot a breach can be as long as 228 days based on IBM’s Cost of Data Breach Report 2020. That’s a long time to wait for bad things to happen.

Justifying Cybersecurity Costs Can Be an Uphill Battle

It isn’t always easy to convince executives that these efforts or projects are important enough to justify the cybersecurity costs. They don’t always see that good defen ..

Support the originator by clicking the read the rest link below.