
What’s at stake?

Know exactly what's at stake so you can right-size your security investment

by Mike Knapp in Business Leaders

Cyber-attacks are a serious business. Crypto-locker-style malware alone has had revenue of more than $325,000,000 in the last 3 years. Almost any type of data is for sale on the dark web, with buyers readily available.

It’s never been easier to make money with cyber-attacks. With opportunities like that, cyber-terrorist teams are everywhere, constantly testing defenses.

As a business leader, you need to understand what’s at stake so you can make informed decisions about how much security, and what kind, is enough.

To get an understanding of what’s at stake, you need to first understand what you’re protecting. Think about the kinds of data you store:

  • Intellectual property
  • Customer information
  • Accounting / banking records
  • Payroll information
  • Credit card data
  • Health records

Notice at this point I haven’t talked about physical assets? These are specifically data assets. Yes, cyber-attacks may take down physical assets, but in most cases those are a commodity and can be fixed easily. If you lose credit card data though …

We want to understand the value of data.

Look at each type of data from 3 perspectives:

  1. Financial value – what is it worth to you (or worth if you lose it)?
  2. Reputational value – what is the cost to your reputation if you lose it?
  3. Legislative cost – if you lose the data, what’s the compliance/legislative cost?

Normally, I rate each of these as High/Medium/Low. From there, it’s clear what the value of each type of data is to a company.

The cost of downtime

Next, consider key parts of your business. What would be the cost if an attack happened and the computer systems weren’t available? This is the cost of downtime.

For a professional services firm, this may be as simple as total billable rate affected × time. Think about a law firm, with a handful of $400/hour lawyers! Even if you decide that they could work on paper at a lower rate, or those out of the office (say 50%), 10 lawyers could be $2000/hour, plus support staff.

With an understanding of the value of your assets and the cost of downtime, it’s easier to understand what’s at stake. Simply put, in today’s economy, it’s everything. Your assets, your reputation, your ability to be productive.

Now when you start to have discussions with IT around security, decisions can be made by cost-benefit analysis instead of “IT says so”.

Understanding what’s at stake is the first step to getting the right protection in place.
