How Much Should Businesses Invest in Cyber Security?
Published on : Thursday 10-10-2019
Benelec Infotech P Ltd, Pune
Cyber security continues to be a major issue in India with 76% businesses hit by online attacks during 2018, as compared to 68% incidents across the globe, reveals a new global survey from a reputed cyber security firm. The report further says, IT managers discovered 39% of their most significant cyber attacks on their organisation’s servers, and 35% on its networks. Only about 8% were discovered on endpoints and about 19%, which is almost double the global average, were found on mobile devices. In other key findings, 97% IT managers admitted that security expertise is one of the greatest issues in India, while 92% Indian IT managers wish they had a stronger team in place to properly detect, investigate and respond to security incidents, 89% believe cyber security recruitment is a challenge.
The question is very simple – What is the ‘right’ amount of money a business should invest in its cyber security infrastructure and policy framework?
The answer – Well, that’s not so upfront!
When it comes to protecting both internal and enterprise data, businesses competing in today’s digital-first world no longer have the luxury of crossing their IT fingers. Globally over 61% businesses experienced some form of a cyber attack in 2018 and 86% of those surveyed feel underprepared regarding their ability to shield and mitigate a cyber attack, yet they have no set format for improvement. Businesses know they need robust cyber security plans tailored to their size, scale and risk profile. They also know their future is at stake without them.
It’s time for Indian businesses to take back control of the situation. By investing in tailored cyber security technology, framework, adopting suitable protocols and including cyber security as its own line in annual budgets, companies no longer play hacker hide-and-seek, hoping to go unnoticed by hackers or data thieves.
Realise the cyber security risk
Today cyber attacks have become the norm, not the exception. Indian businesses must tighten their grip on internal, tech-driven operations if they wish to prepare for some of today’s biggest cyber security risks. And those risks are numerous, with dozens of attack types that – on the surface – can make a business defenses look like they’re always playing catch-up. We break down the top 5 Cyber Threats facing Indian businesses as on today.
Top cyber security threats
1. Ransomware: Ransomware attacks strike every 14 seconds. They are amongst the most rapid-paced and prevalent of cyber security threats lodged at businesses, with usual intent of shutting down servers or holding data and files hostage until a suitable ransom is paid by way of bitcoins.
2. Phishing: In a global survey of IT decision makers, over half stated targeting phishing attacks were the top cyber security threat faced by their organisation. Advanced phishing attacks often mirror the electronic communications of trusted and frequent business contacts, from third-party vendors to other businesses you work with.
3. Malware: Malware represents a huge piece of the cyber scam pie. These malicious pieces of software, be they viruses, spyware, keyloggers or worms, have one intent – to enter and then disrupt or disable a computer system. Today, over 90 per cent of malware is delivered via email, typically hidden in the form of infected attachments or discreet links. All it takes is for one well-intentioned employee to click or download for malware can cross your defensive channels.
4. Fileless Attacks: Like ransomware, Fileless attacks have seen an uptick in the past year. The uptick represents a 94 per cent increase in the use of Fileless-based attacks between January and June 2018. Rather than attempt to download tainted executables onto a computer or server – like with spyware or malware worms – Fileless attacks exploit applications or even operating systems already installed in a device. These are also known as zero-footprint attacks, macro, or non-malware attacks.
5. Human Error: Human error is the leading cause of data and security breaches. The most common types of breaches occur as a result of someone sending data to the wrong person. With cyber criminals on the rise, not enough business owners are paying attention to the avoidable consequences of human error. Unintended disclosures, accidental data deletions or improper disposals of sensitive files all fall under human errors, a common yet under-the-radar enterprise threat. Human errors make cyber security awareness training and data-handling policies all the more imperative.
Benefits of investing in cyber security
There are plenty of business benefits to investing in cyber security defences. According to some industry experts, a robust cyber security budget should never fall below 3% of a company’s total capital expenditures. If it is below three per cent, then – bluntly put – something is missing! Companies should treat their cyber security policies and technologies like they do any investment – meaning fluid, long-term, performance-driven and with quantifiable goals. Capital expenditures can then be channelled as strategically as possible when cyber security is practiced as an arm of everyday operations rather than a red line in annual budgets.
When done right, that investment composites into tangible and intangible benefits for an organisation as mentioned below:
1. Shield your most valuable business assets
A single compromised data point or record can cost a business hundreds of dollars. As noted above, these costs vary depending on the cyber security incident that breached them, as well as other budget expenses like system downtimes, system patches, employee downtimes, lost customers and in some cases regulatory fines.
2. Solidify client and consumer trust – Thus your reputation
The traces of mishandled data or network breaches are hard to scrub. Some organisations are now infamous for such incidents and their reputations won’t be restored anytime soon. Companies that proactively protect their clients’ data don’t just prioritise this aspect of business operations. They’re telling the world they take this responsibility seriously. Enterprises that put in this effort earn the rewards with happier, more loyal customers.
3. Have peace of mind
Cyber security investments provide businesses peace of mind that they’re doing, all they can to be compliant, secure and successful. You have more administrative insight into networks, greater visibility into operations, a deeper trust in employees and amplified control of everyday applications. Plus, your business stands more poised to embrace emerging technologies like AI, cloud services and even block-chain, since its cyber security practices are already under control.
4. Reduce internal and external security threats
Choosing to invest in cyber security means choosing to invest in your company’s future. You’re intentionally harmonising tomorrow’s goals with today’s risk management practices, helping ensure a smoother path to achieving that vision. All this is best accomplished through careful budget planning to mitigate surprises.
5. Strengthen regulatory compliance at every level
Very soon, all Indian businesses may have to comply with Data Privacy Law. That means the government body may administer cyber security compliance laws meant to keep pace with the times. Even international bodies have stepped up their cyber security game, viz., EU’s landmark passage of the General Data Protection Regulation (GDPR). Organisations found incompliant of these data mandates won’t be in business for long.
Budget for cyber security protection
Research from industry leaders, including IBM, project that a healthy cyber security budget should make up 9 to 14 per cent of an overall IT department’s annual budget. Yet in reality, Indian businesses spend less than 4 per cent of total IT budgets on security and risk management. Please remember that cyber security is an investment – not an expense. This is the essential thing for managers and employers alike to understand when it comes to budgeting for cyber preparedness and implementing the right changes at the right time.
Conclusion
Your organisation cannot predict every cyber threat. That doesn’t mean it has to wave the security white flag, either, accepting breaches and data loss as inevitable. Organisations like yours have more resources than ever to defend their networks, secure records and ensure evergreen, compliant operations by choosing the right security partner so that you can get the most from your cyber security budget and develop and maintain a clear understanding of your needs by building the effective Cyber Security Program for your organisation.
Ravindra Benday is Founder and Managing Director, Chief Mentor, Chief Motivator and Chief Drill Sergeant at Benelec Infotech P Ltd, Pune, with 30+ years’ experience in building great teams and successful service business model. He oversees the company’s business strategy aiming to redefine how the IT Services industry delivers the solutions to the mid-market.
