Following Home Depot’s data breach, several former employees told the New York Times that they were surprised the company hadn’t been hacked before. Whenever they’d asked for cybersecurity training, managers offered them the same response: “We sell hammers.”
If senior management doesn’t have the right approach to cybersecurity, then neither will the rest of your company.
Good cybersecurity practices should come from the top down (enforcing the message) and the bottom up (regular staff training) so that it becomes business as usual.
- Initial start-up cost
As with any new project or management system, you will need to make a small investment to get it up and running. Options vary depending on the resources you have available, but you could quite comfortably get an information security management system (ISMS) aligned to the international cybersecurity standard, ISO 27001, for around $15,000. See the ISO 27001 Get A Lot Of Help Package for more information.
If your organization has 19 members of staff or fewer, then take a look at our ISO 27001 FastTrack consultancy package which is as low as $7,650.
- Ongoing maintenance
There is also the ongoing maintenance cost of continuing and improving your ISMS, and regular testing of your software, but this is minimal compared to your start-up cost.
- Achieving ISO 27001 registration – optional
Achieving registration to the Standard is typically the most expensive part of getting cyber secure (registrars will charge a consultant’s daily rate for auditing your organization and ISMS) but achieving that stamp of approval is worth it. ISO 27001 registration will help you win new business, provide assurance to your stakeholders that you are serious about cybersecurity, and give your business credibility.
- Someone who knows what they’re doing
Global studies have shown that organizations that employ a chief information security officer or someone who is responsible for the company’s confidential data are significantly more likely to reduce the cost of a data breach or prevent one occurring altogether.
- Common sense
Target gave its third-party vendors full access to its entire network. Hackers were able to phish Target’s heating and ventilation company, and were then able to log in and plant malware on POS systems through their third-party login account.
Being cyber secure mainly involves common sense. You wouldn’t share your house keys with a stranger, so why give third-party vendors access to your network?
The ISO 27001 standard specifies many commonsense requirements that organizations should be employing anyway. Download a copy to read the international best-practice requirements for an ISMS >>
Cybersecurity costs far less than cyber insecurity
There is a common presumption that being cyber secure is expensive, when in reality being vulnerable to cyber attacks is your real expense. Below are the average costs relating to data breaches:
- Data breach notification cost = $509,237
- Post-data breach cost = $1,599,996
- Lost business cost = $3,324,959
- Total = $5,434,192
Ponemon – Global Cost of Cyber Crime – 2014 – US
On top of that, 60% of small businesses close within six months of suffering a data breach.
So there you have it – a big budget is not critical to protecting your business against a data breach. You can achieve cybersecurity with an outlay as low as $7,650, as long as you have the right attitude.