Cybercrime is a significant threat to businesses of all sizes. And not just larger corporations. It especially affects businesses that depend on computerized technology to conduct their daily business. So, investing in cybersecurity to protect your business and data from malicious cyber-criminals and hackers isn’t just desirable. It’s absolutely essential to maximize resistance against threats.
However, it’s not just online businesses that face the risk of getting hacked. Even a smaller enterprise that’s using just one PC which is not even connected to the internet (though this is highly unlikely in today’s day and age) could still be at risk of system contamination. Through something as basic as a memory stick containing a virus.
With an increase in data, comes an increase in data leak risk
Technologies such as big data and the way businesses of all types and sizes capture data through various means such as via their websites, as well as by way of POS technology in retail settings, mean a mass of sensitive information is being held by organizations. That’s clearly information that cyber-criminals are keen to get their hands on.
From phishing, malware, viruses, general data theft and disruption of service attacks, the threats are diverse and plentiful, and all have the potential to severely disrupt a business’s operations.
The cost of recovering from a severe security breach can run into millions of dollars and no-one is immune; many household name companies have suffered security issues.
Knowledge is key
While larger companies have IT departments to manage cybersecurity, smaller business owners need to be aware of the trends in cybersecurity threats as some move in and out of ‘fashion’.
Keeping abreast of the latest cybersecurity issues is part and parcel of staying updated in business matters and news.
What to spend on cybersecurity?
A difficult question to answer; it’s a little like asking “how long is a piece of string?”. Security investment would differ depending on the type of business and how it operates.
For example, a business with a large e-commerce website is likely to want to invest more in website security than a company whose website is basically an online brochure that doesn’t have people interacting with it in terms of making purchases and so forth.
Companies with several employees out ‘in the field’ using company-supplied portable techs such as smartphones, tablets, and laptops would likely spend more in ensuring mobile devices are fully protected and the staff concerned are fully trained in maintaining good cybersecurity practices.
On the other hand, a company not issuing mobile tech to employees and not really having a field presence would probably focus a lot less on mobile device security.
Business analysts Gartner estimate that, in general, the average amount spent by companies on cybersecurity is five percent of its IT budget – with healthcare, financial and professional services being the sectors spending the most on reducing cyber risk.
An intangible expense
Spending on cybersecurity is sometimes difficult to quantify; it’s investing in something that may or may not happen without being aware of just how disruptive a particular cyber threat might be. It would differ depending on, say, whether it was a DOS (Denial of Service) attack that caused a company’s website to crash or a malware invasion that caused systems to fail.
In other words, expenditure on prevention is less easy to measure than, for example, buying a new piece of equipment or new software.
One way of protecting against the financial implications of cyber threats is taking out a cyber insurance policy.
In the same way that businesses can relate to and justify insuring themselves against hazards such as fire and theft, so ensuring against the financial losses, disruption and the costs to recover after a cyber-attack is a more tangible way to measure investments in cybersecurity.
Of course, just about every business wants to avoid or at least minimize cyber threats in the first place – an insurance policy won’t help protect systems and tech from threats.
Many of the basic precautions such as updating system software including firewalls, changing passwords regularly, being aware of threats such as social engineering and phishing emails can be achieved at more or less zero cost.
That said, investing in at least the time of a security expert to assess current arrangements and advise on possible improvements is a basic expense all businesses should be able to justify when the stakes are considered.