Bridging the Cyber Divide: Making the Resilience Case
 

We know you’ve been there before.

You’re an IT director or CIO without a large staff or budget. You find just the right solution that’ll make your company safer and more productive and—perhaps most importantly to you—will make your life easier and reduce your daily headaches.

You’ve conducted a full evaluation, with demos and supporting calls for that solution plus a couple others. You’re stretched enough as it is and just going through this process has been a time-consuming one. You’ve honed your presentation to sell it to your C-level executives.

Then, while you’re making your case back to the business, your CFO or other finance/budget staff bring your initiative to a screeching halt.

• We don’t really need this, do we?
• Isn’t what we already have in place good enough?
• Are we really going to get hit? Why would anyone hit us?
• We must do more with less this quarter. Come back next quarter and we’ll see.

And back to the drawing board you go. But the truth is, when it comes to cybersecurity, we see time and time again that skimping out on solutions or not having the right ones in place can lead to serious consequences for organizations without large IT staffs or budgets.

Many small-to-medium sized businesses (SMBs) say they can’t get their systems up to snuff because of budget. In a recent Webroot study, 41% of SMB respondents said they had no dedicated resources for IT security and just 12% said they had dedicated in-house security staff.

Organizations lacking huge IT budgets or staffs may be forced to accept “good enough” security solutions. In turn, they may face security risks when those solutions don’t stack up to the realities of today’s threat landscape.

The folks in IT roles know—no matter how big or small, no matter how much revenue they bring in or corporate IP they hold—every organization is a target. But, it can be hard to convince others in non-technical budgetary roles the real dangers posed by these threats.

They may think their organization isn’t a threat target, or, with budget in mind, they may think security solutions that come bundled or included with other platforms is enough to get by.

We want to help you make the case for cyber resilience in your organization and win over the skeptics. That why we’ve started up a new blog series, Bridging the Cyber Divide.

The real cost of cybersecurity breaches

To start out, let’s look at what’s really at stake here for organizations of any size. These attacks are happening all the time and can go far beyond just losing money. It could be the difference between staying in or going out of business.

A whopping 60% of small businesses that suffer a cyberattack are forced to go out of business within six months, according to the National Cyber Security Alliance. Additionally, the Ponemon Institute says the average price for a small business to deal with an attack is $690,000. That swells to over $1 million for mid-market companies.

In citing these statistics, the Denver Post also noted an all-too-familiar story of a small online retailer in the US Midwest that was forced to go out of business shortly after an employee clicked on a seemingly-safe email link that instead launched a crippling ransomware attack. Between the cost of cleanup and the resulting loss of business due to the cyber attack, the company had to close its doors.

What you risk without cybersecurity solutions

Reputational damage for a small or mid-sized business after an attack could be enough to drive it out of business, never mind the cost of cleanup. To that point, not going with a strong security solution opens you up to considerable risks when you’re hit with an attack.

It’s about your customers, and your revenue is at risk. You could be part of a larger supply chain and you could be the weak link if you get breached. Any impact to your customer’s data could destroy not just that direct customer relationship but with others as well.

Cyber insurance could mitigate the risk a bit, but it can’t help you recover brand and business damage. It may not even help you if you don’t get a claim paid because you didn’t provide reasonable care.

In many instances, organizations are prone to letting great be the enemy of good. Most commercial breaches are run-of-the-mill attacks perpetrated by opportunists. A basic cybersecurity defense program with some level of management would prevent the majority of successful attacks. 

SaaS security offerings combined with MSSPs offer a whole range of modest cost, managed solutions that take the pressure off internal resources. Not taking a proactive approach makes you an unnecessarily easy target, putting your whole business at risk.

In this series of posts, we’ll explore these topics and highlight why it’s important for all organizations—regardless of size, staff and revenue—to be hyper-aware of the risks inherent in today’s cyberthreat landscape.

And we hope you can use the knowledge to go back to your organization, avoid the scenario laid out above and make those headaches a thing of the past.

Here is the second post in this series, on the threat of supply-chain attacks and how to use examples to position your advanced cybersecurity argument.