How secure is your company’s IT security infrastructure? A study for global computer security software company McAfee (now Intel Security Group) conducted by the Center for Strategic and International Studies valued the combined cost of illegal hacking to the 2014 world economy at more than $440 billion.
With the damage inflicted by cybersecurity attacks on government systems and even corporations like Sony and Target, now is the time to invest in top IT security talent. In fact, CEOs, hiring managers, and employment agencies should rank cybercrime specialists at the top of their priority talents.
At a CIO Network conference organized by the Wall Street Journal, chief information officers shared the need to focus on securing their companies, hiring the best talent, and building newer and safer IT infrastructure.
According to PayPal CIO Brad Strock, security is constantly on “everybody’s mind,” adding the goal of IT chiefs now is to develop new ways to collect and share threat indicators within the industry as quickly as and widely as possible, making it difficult to attack security systems.
So, why are some companies still neglecting IT security? Let’s take a look.
Top Talent Is Too Expensive
With cybersecurity concerns at an all-time high in the wake of the Sony attacks, it comes as no surprise why IT security professionals are in high demand, with the big honchos like Facebook, Google, and Apple willing to pay top dollar for the best talents. But for small businesses with seemingly nothing valuable to lose, cybersecurity is less of a priority, partly because it’s hard for them to attract top talent, and also because they think they can get away with hiring an IT pro who’s a jacks of all trades, but a master of none.
But the truth is that cyber criminals are more likely to attack small-to-medium enterprises than large ones — and unlike large companies, it’s hard for SMBs to offset the cost of security attacks by passing it on to customers and financial institution. So to cheap out on IT security talent may lead to a big-time expense down the road.
Cyber Attacks Aren’t As “Expensive” As Initial Estimates Show
An analysis of the losses incurred from security attacks on companies like Target, Sony, and Home Depot actually show they are relatively lower than initial estimates. Furthermore, the losses were so small next to the revenue these companies made, it’s more cost efficient to take a chance and fix IT security issues later on.
For example, Target’s IT security snafu amounted to a bill of $252 million in 2013 and 2014. After the insurance coverage of $90 million, that number went down to $162 million. After tax deductions, that number fell down to $105 million. While that may seem an obscene amount of money, it’s a mere 0.1 percent of Target’s 2014 revenue.
But what many experts fail to point out is the cost to brand equity, customer loyalty, and publicity from word of mouth. This is the real cost: People are talking about the attacks to Target, not Walmart. This damage is hard to quantify, which makes it even more dangerous.