Is the most cost-effective move in the cost of living crisis investing in cyber security solutions?
In the midst of the biggest cost-of-living crisis in decades, the looming threat of recession, and an unprecedented energy crisis, organizations of all sizes are trying to find ways of cutting costs and saving money. While there are any number of measures organizations can take on that front -- from relatively small ones such as asking people to work from home to save on energy to more drastic measures such as layoffs -- the impact they have is variable at best. One measure that consistently saves organizations money, however, is investing in a proper cybersecurity solution.
In some ways, that might seem counterintuitive. After all, it’s an additional cost that the organization might not otherwise have to deal with. But it really is an investment that can pay off in a big way. That’s because the best cybersecurity solutions not only protect organizations from the threat of cyber attacks but also help mitigate their damage when they do occur.
Ironically, the self-same economic pressures that are forcing organizations to look at ways of cutting costs are also making having a proper cybersecurity solution more important than ever.
A cost-of-living spike in cybercrime
That’s because, after a cooling-off period in the wake of the cryptocurrency crash, the cost-of-living crisis has resulted in a fresh spike in cybercrimes. In fact, in the two weeks leading up to August 2022, the UK's National Cyber Security Centre received more than 1500 reports about scam "phishing" emails pretending to be about energy rebates from Ofgem.
That’s just one example of the kind of attack that cybercriminals are using. There are many others too. And in organizations that are under pressure and trying to reduce cost pressures, those kinds of "social engineering" style attacks are more likely to succeed and result in a breach. Given its support for Ukraine in the war against Russia, it’s likely that Russian state-sponsored actors will keep stepping up their attacks on UK companies too.
It should hardly be surprising then that recently released official statistics show that some 81 percent of UK organizations experienced at least one successful cyberattack in 2022. On top of that, 83 percent believe that a cyberattack is more likely in the coming 12 months.
Additionally, as predicted by PaloAlto Unit42, this year, more people will turn to cybercrime for financial gain, easy-to-access tools will become more widely available and vulnerabilities will be easier to exploit. The intersection of these factors will eventually lead to more cybersecurity incidents.
The cost of cybercrime
Those attacks can cost organizations serious amounts of money too. According to IBM, the average cost of a data breach in the UK in 2022 was US$5.05 million, placing it among the five most expensive countries for a breach globally. That’s to say nothing of the long-term damage that a breach can do to a company’s trust and reputation.
Even the disruption to normal business operations can be devastating. Think about it: could your organization afford the 22 days it takes, on average, to get back up to full steam in the wake of a breach? This effect may be magnified even further if the breach hits your business-critical applications. Small wonder then that half of small businesses affected by a cyber attack go under within six months.
It’s also worth bearing in mind that, given the percentage of UK businesses that fell victim to a cyberattack in 2022, cyberattacks should be treated as something that will happen, rather than something that might.
Investing in the right cybersecurity solution
That makes investing in the right cybersecurity solution even more important. While it might seem like a major expense now, the cost of mitigation and recovery is likely to far outweigh any up-front costs for technical controls and expertise.
A good cybersecurity solution won’t just alert you to new threats and actively work to protect you from them, it’ll also ensure that you’re in the best possible position to proactively respond in the event of a breach. The faster and more efficiently you’re able to do so, the smaller the impact of the breach will be.
Moreover, it’ll continually identify, evaluate, treat, and report on your organization’s software and network vulnerabilities. Ideally, it should start by identifying and addressing known vulnerabilities. Cybercriminals are constantly on the lookout for ways into an organization and failing to address vulnerabilities is as good as leaving a door or window open for them.
A small hit can help you avoid a big one
Ultimately, it should be clear that cybercrime attacks aren’t going to fall anytime soon. They’re also not going to get less expensive to recover from. As such, even businesses that are desperately looking for ways to cut back on costs should consider investing in a good cybersecurity solution a non-negotiable.
Image credit: Andrey_Popov/ Shutterstock
JP Perez-Etchegoyen is CTO of Onapsis, a leading global cybersecurity and vulnerability management firm which provides cybersecurity solutions to 20 percent of Fortune 100 companies.