Executives are beginning to understand that cyber-based threats are a potentially significant impediment to business success. The challenges extend far beyond the annoyance of rising security budgets. The recent PwC survey showed 61% of CEO’s believe cyber threats pose a danger to corporate growth. If extrapolated across the business landscape, it will have sweeping ramifications to the future global economy. The overall impact is in the trillions of dollars based upon the World Economic Forum and the Atlantic Council reports.
We have been talking about this for years, but it is time to better understand the long-term systemic outlook of cybersecurity instead of just looking at the firefight-of-the-day tactical symptoms. As the C-suite becomes more security savvy, the number of executives expressing concern will climb. The problem of escalating cybersecurity expenses will continue to worsen.
Security costs include more than just products, services, and headcount. Incident costs, loss of reputation and customer goodwill add to the problem. Compliance, auditability, insurance, and litigation must also be accounted for.
One area which may represent the biggest overall impact has remained largely absent from discussions; the cost of creating secure products. For suppliers, manufacturers, service providers, and product owners, the world is changing as products and services, which connect or control aspects of people’s lives, must now be built and operated with security and safety in mind. Expenditures include shifts to support secure architecture, design, testing, manufacturing, compliance, and operational sustainability across the product lifespan. These additional charges raise the costs to do business, delay product releases, inhibit innovation, and most importantly siphons assets from profit oriented activities.
Say for example, a company must increase production costs by 20% to meet security needs. Where will that money come from? Taking it from marketing will reduce sales. Lowering the IT budget will put at risk operations and may shelve projects to support the enablement of the organizations profit centers. Cutting on product development can undermine competitiveness and lower customer satisfaction. Reducing manufacturing budgets can delay delivery times and impact quality. Few organizations have extra money sitting about. Operating budgets are finite and having an additional set of expenditures, not generating new revenue, puts a strain on plans for success.
The diversion of assets can limit the ability to seize market opportunities. These “opportunity costs” can compound over time. First to market, is a coveted position. Losing that race to a competitor, because more security testing was required, can be devastating with long term consequences. How difficult would it be to regain an advantageous position? The tradeoffs apply to human resources as well. What if the plan to hire 20 new marketing and sales staff were cut in half as the organization needed to hire security engineers and software developers to validate products instead? How many deals would not close or new customers be serviced by competitors because of the lack of field representatives? That money could have been reinvested for future gains and expansion. How about the IT project to improve customer services or support a new product launch, which has to be pushed out a year because budget is being reallocated to meet cybersecurity regulatory compliance or pay for breach insurance. The result of all these actions is the siphoning of competitive momentum which gives an advantage for competitiveness. Opportunity costs are the sleeping giant which is rarely accounted for in the world of security.
For just about every company, cybersecurity issues can upset the balance and strategic plans for business success. Security costs can be unexpected and a severe impediment to growth, operations, customer satisfaction, and sales goals. Executives are beginning to piece together the pieces of the cybersecurity picture. Costs, risks of loss, impacts to products, timing into the market, missed opportunities, regulatory sanctions, satisfaction of customers, and goodwill of partners hang in the balance. Cybersecurity is rapidly earning a place on the list of dangers to corporate growth.