Why investing in cybersecurity is cheaper than dealing with a breach
At the turn of this millennium, the biggest cybersecurity threats were happening at the network layer and could be easily minimized as IT had complete visibility into the network and an iron grip on access to applications and data. Today's landscape has a starker contrast.
With the influx of cloud-based applications, coupled by the strong movement to embrace digitization and Bring-Your-Own-Devices (BYOD) trends, present day cybersecurity attacks are now happening across multiple layers. In fact, half of respondents (50%) cited application layer attacks to be more frequent and even more (60%) said it to be more severe than at the network layer in a 2016 Ponemon report, Application Security in the Changing Risk Landscape.
It is no surprise that cyber threats have expanded ground to include new platforms and avenues ripe for exploitation, and in more diverse attack tactics such as social engineering, ransomware, and DDoS.
All eyes on APAC
However, the advent of new technologies is only part of the equation that is driving the evolution of cybersecurity. Today's breed of cybercriminals has grown to become more malicious and their attacks more frequent, complex, and expensive to rectify. According to London-based consultancy Grant Thornton, organizations in Asia Pacific lost an estimated US$81.3 billion in revenue due to cyberattacks compared with US$62.3 billion in Europe and US$61.3 billion in the U.S.
Despite significant losses in revenue by cyberattacks, a PwC study found that nearly 40 per cent of organizations are not planning to invest in cybersecurity at all[1].
Losses go beyond monetary
Back in 2007, Jason Spaltro, then the Executive Director of Information Security at Sony Pictures Entertainment, famously said it was a "valid business decision to accept the risks of a security breach", and that he "would not invest $10 million to avoid a potential $1 million loss". This was before the company suffered a major cybersecurity breach in 2014, where hackers stole and leaked pre-released movies, individuals' private information and sensitive documents. The total loss? Almost US$100 million in revenue, and a lot more in intangible and hidden costs. This includes loss of customers, difficulty acquiring new customers, and investor flight among others.
While such cavalier attitude towards cybersecurity might be passable yesterday, today's cybercriminals are unforgiving and more malignant in nature, seeking beyond financial gains and aiming to destroy the reputation built over decades—which may ultimately cost owners their business. It is no longer the question of whether cybersecurity should be part of a holistic growth strategy; it is now a matter of how to invest.
Firstly, prioritize what you need to protect. For instance, in an app-centric environment, you should identify all apps in your network, whether deployed by IT or shadow apps installed by impatient employees, and secure those you deem to be most vulnerable.
Secondly, security assessment must be part of your application development framework, and not an afterthought. Having a secured application will not only protect your data but even more importantly enhancing your customers experience and their confidence in your brand.
It is also important to keep in mind that cybersecurity is everyone's responsibility, not just IT. Ultimately, cybersecurity should be integrated in every aspect of the organization to ensure that you retain your customers' trust and protect your bottom line.