In 2018, more than 2.5 quintillion bytes of data were created every day, which is 19 digits and looks like this:

2,500,000,000,000,000,000 bytes

and…as of July 2020, there were over 4.8 billion Internet users in the world (Vuleta, 2021). With so much data being stored and so many users, it is guaranteed that there are plenty of “bad actors,” or hackers, working to exploit people and technology. With so many hackers working to exploit systems, it is also assured that information systems will be breached. These hackers work to exploit systems for a variety of reasons, some of which include seeking financial gain, idealistic reasons, espionage, or just to prove they could. As it is critical to protect business systems, businesses must appropriately invest in cybersecurity professionals, current/supported hardware/software systems, cybersecurity systems, and training. Failure to appropriately invest will make a business vulnerable, which also makes them prey for hackers as competing businesses employ more secure systems.

Businesses store a variety of sensitive data that includes business proprietary information, employee and client personal/financial information and business partner information. Ultimately, when one evaluates the cost of cybersecurity, what is assured is that the cost is unavoidable. The first decision businesses need to make is whether they will proactively invest in cybersecurity strategy, implementation, and sustainment or reactively to a breach that will not only impact the business financially, but more importantly, subject the business to legal ramifications and loss of reputation up unto leaving the business stakeholders with no choice other than to completely dissolve. To realize the benefits of a cybersecurity program, businesses need to seriously evaluate those inevitable reactive costs. Furthermore, the legal ramifications to a breach could be penal as well as civil. More importantly, even if the business survives, the cost to a business’ reputation may be immeasurable for years to come. The real benefit of a solid cybersecurity program is it ultimately supports achieving business’ goals.

To understand the proactive costs of cybersecurity, business must first establish a strategy and conduct a risk assessment. Once a risk assessment is completed, a business can determine the costs to mitigate risk. It is important to understand that no system is 100% impenetrable; therefore, businesses must establish a risk mitigation strategy based on the likelihood and impact of the identified risk. The overall cybersecurity strategy planning must include all aspects associated with the identification of information assets, ongoing protection as well as detecting, responding, and recovering from a breach. Lifecycle management costs must also be considered as part of the long-term strategy because all equipment and software will eventually become antiquated and unsupported, which makes them extremely susceptible to breach. At a first glance, a full cybersecurity program may seem to be overwhelming; however, businesses need to consider outsourcing some or nearly all cybersecurity requirements. Regardless to the strategy, a business must understand two important factors: 1) executive management support in establishing policy and the overall culture are critical to the success of the cybersecurity program; and 2) regardless to how much a business decides to outsource, ongoing employee training is a must, as people are the weakest link. 

Vuleta, B. (2021). How much data is created every day? [27 powerful stats]. SeedScientific. (2021, March 22). Retrieved November 2, 2021, from https://seedscientific.com/how-much-data-is-created-every-day/#:~:text=Every%20day%2C%20we%20create%20roughly%202.5%20quintillion%20bytes%20of%20data.