Based on the past year, one thing that is certain to be on every company’s mind is security.

Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches.

According to Accenture’s 2017 “Cost of Cybercrime” report, the cost of cybersecurity increased 23 percent in 2017 from the year before. Much of this cost is attributed to the increased frequency and cost of cyberattacks, which, according to the research, cost on average $1M in damages apiece.

In order to avoid the costs and damages of suffering a cyber breach, businesses need to create a comprehensive and well-informed security budget that considers their primary security vulnerabilities and helps to strengthen their defenses.

This article breaks down information and cyber security costs into two main categories—compliance and recovery—and provides an approach for businesses to best budget for security using these two cost categories as a guiding framework.

Distinguish Between Compliance and Recovery Costs

The first step in creating your security budget is to distinguish between the two main forms of cost associated with security: compliance costs and recovery costs.

Compliance costs are preventative expenses accrued from fulfilling the terms of security policy or regulations. Compliance costs are mostly associated with preventative measures such as firewalls, security software investments, and training programs for employees.

Compliance costs are mostly budgeted, and the amount of compliance cost a business includes in its budget ideally results from deliberation among decision-makers as to where security resources should be best distributed.

Recovery costs are expenses caused by security issues. Recovery costs are a broad category that includes all costs and damages that result from a breach or attack, including theft, ransom, lost business, and public relations to