The Cost of Doing Nothing

As part of our “‘Not If, But When’ Means Right Now” series, we highlight the importance of assigning greater urgency to projects that mitigate cybersecurity risk before consequences are realized. In this post, Daniel West discusses the reasons small to medium-sized enterprises experience difficulty initiating projects before a breach, the change in imperative that an incident brings about, and demands that SMEs challenge the status quo by doing something about their cybersecurity.

We’ve got to start making [product] again,” the CEO said, his operation hindered by ransomware, they were prevented from making the products they brought to market. Not long after responding to the incident, I was sitting down to lunch with that same CEO to talk about improving security moving forward. I asked him, “Would you have taken my call three weeks before the breach?” His answer was simple, direct, and unsurprising – “No.

This is the norm when talking with leaders in most small to medium-sized enterprises, and is representative of how business priorities change with circumstances. Until you have an incident, you don’t have evidence that you aren’t secure. It is easier to think you are protected in your current state than to go looking for another problem to solve. You’ve invested money into prevention technologies already, shouldn’t that be enough? Unfortunately, unless you can confidently say that your organization has no gaps in its cybersecurity people, process, and technology, there is still work to be done.

The Status Quo

In today’s market, “doing nothing” about cybersecurity is the status quo before organizations reach a certain size. This choice represents some of the biggest competition that cybersecurity companies face. Unfortunately, unless there is an incident, it is unlikely for companies to take proactive actions to challenge the status quo and make (Read more...)

*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Daniel West. Read the original post at: