The stakes are enormous when it comes to cybersecurity. Major organisations, government agencies, social networking sites, restaurant chains, and every other industry may now be found on the list of data breach victims.
In 2004, the global cybersecurity industry was approximately $3.5 billion; by 2017, it was predicted to be valued at more than $120 billion. Over the course of 13 years, the cybersecurity market grew about 35X, and by 2020, had achieved a value of USD 180 billion. Currently, it is predicted to increase at a CAGR of 10% over the projection period of 2022-2027, reaching a value of more than USD 300 billion by 2026.
There’s a reason why I’m starting this article with a flood of statistics. We’ll get to it.
The important thing to note right now is that the market is growing, and for a reason. With cybercriminals betting on the COVID-19 pandemic, 2021 introduced a whole new dimension of cybersecurity risks. Global cybercrime expenditures are anticipated to exceed $6 trillion by the end of 2021, a number that, by 2025, will reach $10.5 trillion.
The stakes are enormous when it comes to cybersecurity. Major organisations, government agencies, social networking sites, restaurant chains, and every other industry may now be found on the list of data breach victims.
Managing cybersecurity on a budget in today’s socioeconomic context, therefore, is a formula for disaster. Hence, the stats.
Because the answer is no. Cyber-costs will not decrease in 2022.
For good reason.
Typically, financial institutions regard cybersecurity as an insurance package, or spend for it as they would on something that they had the coupons for. This strategy compromises their organisations needlessly and exposes their cybersecurity personnel without the necessary people or resources to do any actual securing.
But the stakes are too high
Banks are the backbone of most people’s financial systems, bearing currency, extending credit, and exchanging currencies at all hours of the day. They are the bedrock of financial management and are as vulnerable to cyber-attacks as anybody else.
Duly, banking institutions, on the whole, have a reputation for making sensible investments and not acting until they perceive a significant financial gain. After all, they are in the business of making money.
When a breach happens as a result of a cyber-attack, banking systems contain a wealth of critical data that may be stolen and sold, putting the company’s image in jeopardy. After all, who wants to do business with an organization that would stand to compromise their personal data or portfolio value?
Plus, look at the costs.
According to Sophos, ransomware recovery costs may reach over $2 million, more than doubling in a year. Also, it is critical to distinguish between simple recovery costs and all other costs associated with ransomware. According to IBM’s estimates, the entire average cost of ransomware from detection to containment through recovery was $4.62 million.
Even if your organization has cyber insurance to shift the significant financial risk, a successful attack can still result in severe brand damage, reduced customers/revenue, and legal bills that your insurance is unlikely to cover, including the impact on future revenues.
And if we look at other different forms of data breaches, and not just Ransomware-related ones, IBM’s report shows that average data breach expenses increased from $3.86M to $4.24M in the last year, representing a 10% rise year over year.
So, how much is enough?
When it comes to cybersecurity investment, the standard approach is to ask, “How much is enough?” Is it, however, enough for banks to just meet the compliance requirements? Would they rather not consider a budget that equips them with a strategic plan to thrive even in the face of rising risk?
Say your cybersecurity budget was $1 million in 2021, the usual budget approval procedure will dictate that your budget should be 5-7 percent greater this year but it doesn’t mean it’s sufficient. In the U.S., for example, the majority of cybersecurity spending is expanding in a linear or flat manner, and cyberattacks are increasing rapidly. For C-suite executives, this basic observation should serve as a wake-up call.
As business leaders, as a collective, we need to think more strategically about how the organization will be truly safeguarded against future loss, and how we can match budgets and critical success factors accordingly.
JPMorgan Chase recently revealed that they spend roughly $600 million on cybersecurity expenditures each year. This may appear to be a large sum to some, but when you reflect on what is at stake, it is a modest price to pay to avoid significant financial, reputational, and other losses.
Understanding and answering the question “How much is enough?” in terms of cybersecurity budget is genuinely the nexus, as well as merely the starting point, of cybersecurity performance and business objectives.
In order to successfully accomplish the age-old balancing act of business security, business continuity, and business growth, the bigger question leaders must ask is, “Is the standard budgeting going to satisfy the company’s financial goals while also ensuring a secure cybersecurity environment?”
Source: Business World
