Page 19 - Cyber Warnings
Building a Business Case for Security that the CFO Can Understand
Jim Jaeger, Chief Cyber Services Strategist, Fidelis Cybersecurity
According to a March 2016 PwC report, ‘A False Sense of Security?’, that surveyed 300 Middle
Eastern organizations, the region has become one of the prime targets for cyber-attacks.
In fact, according to the findings in the report, in 2015, 56% of businesses in the region lost
more than US$500,000 as a result of cyber incidents compared to 33% globally.
Faced with this reality, organizations across the region have upped their IT security spend.
However, one of the biggest challenges when you go shopping for new security tools is
answering the inevitable question from finance: “What’s the value?”
Determining the ROI of a new security product isn’t an exact science. There are no hard and
fast rules to follow – which is why generic ROI calculators should be avoided at all costs (pun
intended).
Measuring the impact of better security is like measuring a moving target. What’s more, every
organization is unique.
The setup of an organization’s existing infrastructure, its size, risk level and the potential impact
of a security incident will vary significantly. Ultimately, this means that successful security
strategies can look very different.
Where is the value?
On the face of it, most security tools don’t appear to save you time or money. They generate
new alerts and this can swamp an already overburdened security team with investigating and
tracking down new potential threats.
That’s not to say that security tools have no value, however, and it’s by evaluating this that a
CFO can understand the true business case for a security solution.
However, the challenges inherent in defining the ROI for security tools do not decrease the
importance of defining this information and articulating it for corporate leaders and the Board.
The recent explosion in the number of security vendors in the market, offering similar,
overlapping solutions, and their almost identical claims to “solve the security problem” make
picking a comprehensive security solution more difficult.
The fact that it’s increasingly difficult for CIOs and CISOs to understand if and where security
gaps still exist doesn’t decrease the importance of helping C-suite executives and Board
19 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide