The recently published Cyber Security Breaches Survey Report 2017 has revealed that 46% of UK businesses surveyed have suffered a Cyber Security breach in the past 12 months, with incidents ranging from fraudulent emails, viruses, spyware and malware to attempted hacking of sensitive information and ransomware. Given that cyber attacks cost British industry approximately £34 billion a year, it’s no real surprise that the percentage is so high.
With all this evidence of the regularity of cyber attacks and the extortionate amounts of money they cause businesses to lose, Cyber Security must be a top priority for senior management, right? Not exactly. Whilst two-thirds of businesses surveyed have some form of Cyber Security budget, for many Chief Information Security Officers (CISOs), it’s not enough. So how do you answer your board’s arguments against further Cyber Security investment and convince its members of its importance?
‘Cyber security isn’t relevant to our company’
This is a common argument, particularly in SMEs. For businesses that still conduct a substantial proportion of their work offline, it’s difficult to understand why Cyber Security is so important. Yet any company that processes data online – whether that’s employee or customer data – needs to invest in Cyber Security in some form, particularly with enforcement of the GDPR approaching.
Your board may not think the customer data your company processes is of any value, but under new GDPR rules, anything that can identify an individual will be considered personal data – including name, location, and even IP address and cookies.
Counter this argument by appealing to two of the board’s biggest fears – financial woes and loss of reputation. Explain the fines the company could face if it is found not to have adequate protection against data breaches, alongside the loss of loyal customers and public reputation.
‘We can’t afford to employ a Cyber Security expert’
Your board won’t just be considering the costs involved in the purchase of Cyber Security systems, but also the costs of employing or training someone to implement them. This is a difficult argument to counter – you simply can’t get around the fact that money will need to be spent. One option to consider is outsourcing all your Cyber Security needs. Not only will the company save on employment costs, but outsourcing also shifts the bulk of the responsibility from team members who may not see Cyber Security as ‘their job’ to a trusted expert team, giving your board peace of mind that everything is in hand.
‘I didn’t realise we were at risk’
Over a fifth of organisations’ senior managers are never given an update on Cyber Security issues, so they don’t realise the scale and significance of those issues. By simply implementing a system of reporting to the board that details possible threats and solutions, you can rapidly increase your chances of securing further investment.
‘I’d rather take the risk and spend the money if there is an incident’
This is one of the most frustrating things the company’s Cyber Security champion can hear. Many businesses think security breaches will never happen to them, so why should they invest? And even if one does happen, surely it’ll cost less to deal with a one-off incident than to invest in Cyber Security systems and staff? If your board presents this argument, simply explain the amount of money the company could lose if a security breach caused company emails or file drives to stop working, causing an almost total loss of productivity.
This would impact not only on revenue, but also on the company’s reputation with customers. Imagine telling your customers you can’t deal with their enquiry for a week because you can’t access your emails. If possible, back up your argument with the projected losses if this were to happen, and compare them to the costs of investing more in cyber security. It’ll soon become apparent which is the better option!