
Making the case for cybersecurity investment

By Spencer Young, Regional Vice President of EMEA at Imperva

2018 turned out to be a significant year for cybersecurity, with breaches and attacks making the news far too often. In fact, a recent report released by the Department for Digital, Culture, Media and Sport reveals that over four in ten businesses (43%) in the UK experienced a cyber security breach or attack last year. The same report goes on to highlight that, despite the growing number of cybersecurity threats and attacks, fewer than three in ten businesses (27%) have formal cyber security policies in place.

While this discrepancy is worrying, it shines the spotlight on why business leaders are yet to fully embrace the value of cybersecurity.

Although we’re in the era of digital transformation, many organisations are looking for guaranteed returns from their technology investments. Therein lies the problem: with increasingly tight budgets, senior leaders currently view cybersecurity systems as insurance. So, how do we shift this mindset so that senior leaders can better understand that the value of protecting business-critical data extends far beyond just covering your assets?

Cybersecurity and the board

In recent months, we’ve seen the introduction of new regulations such as the EU’s GDPR, as well as constantly shifting privacy laws in nearly every geography. While considerable effort is required to prepare for these new compliance landscapes, they are putting security strategy decisions at the top of the priority pile for boards and exec teams.

Board members, in particular, are responsible for establishing good governance practices and policies for driving better financial performance and growth. For this reason, it is vital that they have a comprehensive view of their organisation’s cybersecurity strategy, and the required level of investment for buying down their risk.

Where cybersecurity may have previously been considered one subset of operational IT, a cursory glance over the press clippings in recent years will have alerted them to the real challenge. A growing number of business leaders are awakening to the fact that a data breach is all but inevitable. What they need to know is how they can limit the scope of damage from a data breach with the right level of investment.

Step 1: Making the case to senior leadership

As the levels of liability for failing to govern risk and protect critical data are transferred from the IT department to senior leadership, these leaders need a quantified measurement of risks including:

  • Compromised customer data
  • Diminished brand and reputation
  • Loss of investor and consumer confidence and loyalty
  • Stolen sensitive intellectual property
  • Compliance and regulatory sanctions
  • Business disruptions

Step 2: Assessing the current situation

Once these risks are quantified, due diligence will require leaders to assess the steps their partners and competitors are taking to avoid exposure. Relationships with technology suppliers and lenders then become less transactional, and more of a long-term advisory partnership, as they’re best placed to provide advice on the current trends within your marketplace.

Step 3: Do a complete audit

The next step requires you to conduct a thorough inspection of your current security posture.

This involves understanding where your critical data currently resides, who requires access to it and, more critically, who actually has access to it. While it’s a drum we beat perpetually at Imperva, many leaders don’t understand the risks of a potential data breach by careless, compromised, and malicious insiders. Not all data assets carry the same level of risk, and not every employee should be given carte blanche access to all organisational data.

While this may be time consuming, leaving no stone unturned at this stage of the audit will give you a clear understanding of where your security measures stand currently and benefit you greatly in the long run.

Final step: Determine the right investment for your business 

By appraising your data assets in terms of their value and risk, you can then begin targeting your investments towards timely threat detection and incident response.

No matter the time and effort invested, it is important to remember that data breaches are inevitable.

Framing this approach as a risk/reward equation and using a tiered security approach ensures that your organisation can protect high-value targets that would cause significant harm if they were compromised.

At the very least, senior leaders need to be made aware of the growing threat they face every day from external cyberattacks and internal data breaches. A single breach has the potential to irreparably damage the financial condition of even the most successful business, and ruin the careers of those leaders involved. Rather than being packaged within IT investments, your cybersecurity spending rationale really needs to be highlighted as a high-level risk mitigation strategy.

About the author:

As the Regional Vice President of EMEA at Imperva, I’m dedicated to helping IT security professionals realise tangible business value from their security technology, by delivering meaningful and actionable insights to Data and Application activity.  If you’d like to have a discussion about how you can begin building a business case for IT security investments that provide real and measurable benefits to your business.
