With the C level being under more and more pressure to drive value rapidly, it is often security expenditure that is cut. The ANS General Manger for Security, Stephen Crow, warns this is a false economy and cutting back on security can cost millions in the short term and even more in the long term.
From Security Operations Centre, we’ve seen a significant rise in attacks on companies. In Q1 alone we’ve seen over 22 billion security events. And yet, we are regularly hearing from CISOs that budgets are being cut and pressure is being applied to further reduce expenditure on threat detection and prevention.
As well as ourselves seeing a dramatic rise in attacks, third party intelligence organisations are also issuing warnings. Interpol for example, recently warned that bad actors are moving their efforts from targeting individuals to focusing on companies, large and small, public and private sector.
This situation is compounded by more companies adopting hybrid working models, many without adequate defence measures, which provide more opportunities to exploit unprotected.
Risk is high
To be honest, the situation really scares me. I don’t think I’ve ever seen a period in time when companies have been more at risk and yet defences are being lower for the sake of cost cutting.
And the thing is, this short-term cost cutting is a false economy. The cost and risk of an attack on a company with a poor defence posture far outweighs the money that could be saved by not spending on managed security services such as Managed Detection and Response [MDR].
Breach costs are an existential threat
According to IBM research, the cost of a data breach in 2022 was, on average, over £3.5m for enterprises. For SMBs, it averages around £120,000 [AppRiver Research]. For a typical mid sized enterprise or a small company, these levels of costs could put the business at serious risk.
One company director I spoke to recently ran an online lighting company. They experienced a successful attack, where customer data had been stolen and held to ransom. The result was a loss of all customer data and fines so large the company went out of business. And this is not a one-off story.
In addition to the above, companies experiencing a break can also face significant legal costs. If a bad actor conducts a successful data exfiltration attack on a company and captures personal data, those affected can legally seek damages.
For example, a data hack saw 100,000 of Morrison’s staff records leaked. The supermarket was facing huge fines until the supreme court overruled the decision.
Aside from money, a successful breach can have an irrevocable impact on a company’s reputation, particularly when the exploitation is data theft. Customers who have entrusted their personal and financial data to a company, from which this data is stolen, are likely to feel betrayed and angry. These feelings more often than not come out on social media, in the press, leading to a seriously damaged reputation.
Prevent, detect, respond
The frustrating thing is that protecting against modern cyber attacks is often seen as expensive, when it isn’t. You don’t need to build you own security practice or establish an in-house Security Operations Centre. There are many managed security services providers that can help improve your defence posture and prevent attacks at a fraction of the cost of building expertise in house.
At ANS, we can take complete responsibility for a company’s security. We’ve spent significantly to build a state-of-the-art UK SOC, with Security Checked analysts, and invested heavily in the latest AI and automation tools to prevent attacks, detect threats and respond to incidents immediately. All of which we provide to our customers as a managed service.
So please, don’t cut security spending now to gain future profits – there might not be a anything in the future to generate those profits.