September 19, 2017

Resources for an information security budget discussion

Business

What makes companies leave their IT systems exposed, without strong protection? Over the past 20 years on the information security market, our experts have been involved in countless incident investigations. They are sure that the problem most often stems from the fact that technical professionals and businesspeople speak different languages.

Today’s security professionals know the threat landscape pretty well. They also know what protection measures need to be implemented. That is not enough. After all, the decision to allocate a budget for information security is made by other people — people who have a somewhat different perspective on security. The need to implement specific solutions is not always obvious to them. All they want to know is what measures are adequate and won’t break the bank. So the security pro’s main task comes down to explaining, objectively, the importance of IT security to business decision makers.

What can persuade a person fixated on the bottom line? In this case, an explanation of the benefits and risks along with some visuals showing the state of cybersecurity at other companies. Here, therefore, we present our essential kit of talking points and facts.

Hard numbers

Figures remain the most convincing argument for businesspeople. That’s why we conducted market research with the help of B2B International. It has given us insights into how companies of various sizes operating in different countries make decisions, what kind of budget they allocate, and what specific aspects of business they prioritize. Some of the findings may come in handy as talking points during an information security budget discussion.

Take this fact, for example: Enterprise-scale companies suffer the most damage as a result of incidents relating to their partners. Such incidents cost an average of $1.8 million. Or consider this: Incidents involving remote infrastructure hosted by third-party companies are among the top three in terms of the extent of damage suffered by both small and big businesses. They cost, on average, $140,000 for a small business and $1.6 million for a big business.

Put simply, the cost of losses resulting from cybersecurity incidents is rising inexorably. Last year, small businesses lost $86,500 per incident on average, whereas this year’s losses average $87,800. The difference is starker for big businesses: $861,000 last year versus $992,000 this year.

These are hardly the only numbers that might pique the interest of a decision maker. Look up the remaining stats in the complete report.

Persuasive pictures

A visual representation of the current state of security at companies operating in your market segment and in your region is an altogether different story. We have used the most important facts to create a special-purpose tool called Kaspersky IT Security Calculator.

It is pretty straightforward. Choose your region, industry, number of employees, and approximate information security budget. Our calculator will generate slides for an almost-ready-made presentation that will help you justify the security budget. You will also get tips that will help you build your own security system.

The slides show threats encountered by your peers, the security solutions they intend to use, and, most important, the average security budgets in your industry. Results can be downloaded (in PDF or image format) and pasted into a report or presentation. Or you can share them right away for a quick discussion through a messaging app or social network.