Cybersecurity is no longer an issue that any organization can ignore, no matter its size. The threat of cyber attacks is real and must be dealt with in a timely fashion. But how can the value of cybersecurity be quantified?
“Calculating ROI for cybersecurity spending has always been a challenge for security officers, their management and the Board. Seven years ago, Bruce Schneier wrote a very good article about the difficulties and challenges of ROI calculation for data security spending within companies. Nothing has really changed since then; however, both annual spending on cybersecurity and the cost of global cybercrime have significantly increased.”
The article continues, “with the Internet of Things and mobile threats, the number of new cyber risks is constantly growing, and companies have to spend on data security in the areas where they have never even thought about cybersecurity before. Traditionally, Europe is more conservative than the US, and many more European security officers are asked to reduce initially proposed cybersecurity budgets by removing some items or replacing them with less expensive substitutes. Many companies fail to understand how a particular security solution or service can reduce their risks, and most importantly, how it can prevent direct and clearly understandable financial losses. The FUD (Fear, Uncertainty and Doubt) tactic, selected by some vendors, only aggravates the current situation as management prefers not to think about cybersecurity challenges.”