Utilizing the National Institute of Standards and Technology Cybersecurity Framework, the IBM Cost of a Data Breach Report 2022, and other resources, I have broken down some of the monetary costs and potential benefits a business with a developed cybersecurity program could expect. To help illustrate the data, I have found it beneficial to work backwards from the point at which a security event happens.
After a major cyber event, the insurance a company procures while establishing its cybersecurity program will prove worth the premium the company has been paying for it. According to Security.org, business insurance policies can range from $500 to $5,000+ annually (2023). In a study conducted by IBM, companies with cyber insurance protection spent an average of $240,488 less than companies without cyber insurance during a data breach (2022). When compared to the same report’s average cost of a data breach of $4.35 million, $5,000 doesn’t seem like much of a hit to the bottom line.
Incident response (IR) teams established, trained, and drilled as part of a healthy cybersecurity program reduced the average cost of a data breach by nearly $500k when compared to breaches without such teams. When developed intentionally, scenario-based training helps teams respond to real situations like practiced experts. The actions required during a cyber event like a data breach are going to affect an entire company. An IR team led by the Chief Information Security Officer could be formed from already existing employees, reducing cost.
Companies that leverage artificial intelligence detection/protection platforms saved an average of just over $300k on a data breach. This kind of software provides a bridge of expertise between the front-line security analysts and management. This gives a team, which is always in development and not as experienced as it should be, the room to grow. Software like CrowdStrike is a perfect fit for this role, with pricing that starts as low as $300 and runs up to $1,000 annually (crowdstrike.com, 2023).
According to IBM.com, DevSecOps (development, security, and operations) “automates integration of security at every phase of the software development lifecycle,” and can be thought of as an approach applicable to all parts of a business (n.d.). Businesses that took this approach to protect themselves from cyber threats lost $276,124 less than the average business during a data breach. Another approach that saved companies over $200k was maintaining a team that was trained to protect the company’s cyber interests.
The first and most important step in securing a company is to start the process. Identifying your data, how best to protect it, and how to recover from a security event are all jobs that occupy data analysts, security professionals, and executives like the CISO. The potential average savings during a data breach in companies with a CISO, whose average salary is $230K+ (salary.com, n.d.), is $144,915, while those with a security analytics team, with an average salary of over $100k (U.S. Bureau of Labor Statistics, 2022), could save an average of $217,316 during a data breach.
Chief information security officer salary. Salary.com. (n.d.). https://www.salary.com/research/salary/benchmark/chief-information-security-officer-salary
Endpoint, Cloud Identity Protection Products: CrowdStrike. crowdstrike.com. (2023, January 20). https://www.crowdstrike.com/products/
IBM. (n.d.). Cost of a data breach report 2022 – IBM. Cost of a Data Breach Report 2022. https://www.ibm.com/downloads/cas/3R8N1DZJ
IBM. (n.d.). What is DevSecOps? IBM. https://www.ibm.com/topics/devsecops
NIST. (2018, April 16). Framework for improving critical infrastructure cybersecurity … – NIST. Framework for Improving Critical Infrastructure Cybersecurity. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
U.S. Bureau of Labor Statistics. (2022, September 8). Information security analysts: Occupational Outlook Handbook. U.S. Bureau of Labor Statistics. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
Vigderman, A. (2023, January 27). How much does Cyber Insurance Cost? Security.org. https://www.security.org/insurance/cyber/cost/