Today cybersecurity must be a priority for businesses. How to persuade the management board?

Ransomware, DDoS, phishing – enterprises face such cyberattacks on a daily basis. At the same time, the world has to deal with the consequences of the economic slowdown and high inflation. Many new investments are postponed until better times. However, that is not an option when it comes to cybersecurity solutions. Why is this area so important and how can one persuade the management board that tools for fighting cybercriminals are simply indispensable?

Though the awareness of the necessity to implement cybersecurity solutions is growing, it does not happen in all sectors and departments. Obviously, IT specialists usually understand the severity of this problem, but directors and managers frown upon costs related to cybersecurity. Why? Because they don’t know that a cyberattack is not simply an IT problem – it has repercussions throughout the entire company.

This impact is now greater than ever, because we do business in a different way. We work remotely, in dispersed teams, we collaborate with multiple contractors and external partners, the IT infrastructure and the number of applications we use every day. All of this provides cybercriminals with new opportunities for attacks and increases the company’s vulnerability, says Krzysztof Andrian, CEO at Concept Data.

In such circumstances, it is crucial to ensure safe access to systems and digital identity management, including the implementation of multi-factor authentication, SSO tools and the Adaptive MFA. Businesses should adopt the Zero Trust approach, i.e. treat anyone who tries to access the company systems with suspicion and thoroughly verify the person’s identity to prevent adverse events such as data theft or malware infections. But how can one persuade the management board to do so?

A cyberattack is a cost, damage to reputation and loss of trust

People who are not sure about investments in tools protecting against cyberattacks should be reminded that the long-term consequences of such attacks affect the entire company, not only the IT department. They have multiple and varied business effects.

1. High costs of recovery from a cyberattack

Each cyberattack generates enormous expenses. According to the FBI report, the financial damage resulting from cyberattacks in the U.S. in 2022 amounted to USD 10.2 billion. What are these costs? The ransom (if we deal with a ransomware attack), data retrieval, restarting the IT infrastructure and fines (e.g. resulting from the GDPR).

2. Losing the trust of customers, contractors and investors

Companies use many digital channels in their operations. They contact subcontractors or customers via e-mail, they provide them with access to the company systems. If these systems become infected with malware, it harms the company’s reputation and affects its communication with partners and contractors who start to worry about their own safety. If customer data leak out, such a company is viewed as untrustworthy. The analysis published in 2021 by Comparitech says if a cyberattack is successful, the affected company’s value drops. Disclosed breaches of security had a direct and adverse impact on the stock prices of 34 analysed companies listed on the New York Stock Exchange. This impact continued long after the attack, though with gradually decreasing intensity.

3. Downtime in business operations

The system recovery and the return to normal work-flow following a cyberattack can take a very long time. This generates new costs related to non-performance of agreements as well as conflicts with contractors, business partners, customers and service recipients. Such conflicts may finally lead to termination of agreements and discontinuance of collaboration.

Which solutions to choose?

Becoming aware that cybersecurity is important does not dispel all doubts. A CEO or a financial director who is supposed to approve expenses on new solutions may wonder of the tool suggested by the IT department will actually be the best choice for the company. It is not just about implementing something that works today – the investment in cybersecurity should bring long-term benefits.

What is obvious to IT specialists can be a total conundrum for management board members and financial directors. That is why the cybersecurity solution provider should be your business partner. It is impossible to ensure effective protection by implementing a solutions which fails to correspond with the company’s strategy and business processes. When selecting a security system, one should engage in close interactions with the provider/adviser who offers various IT tools and who should get to know the entire company, its processes, development plans, strategies and technologies. Based on this knowledge, the provider will then suggest a solution meeting the company’s individual needs, adds Krzysztof Andrian.

Through such a collaboration, one can control, rationalise and spread cybersecurity expenses in time. The provider/adviser will select the needed tools matching the company’s infrastructure and work-flow. The provider/adviser will suggest a cybersecurity development program corresponding to the company’s development strategy. The provider/adviser will help with employee training. As a result, the entrepreneur can avoid the mistake of buying systems or solutions that would become insufficient after several months.

Cybersecurity for everyone to the same extent?

Does each and every company actually need the cybersecurity development strategy? Some enterprises have to pay special attention to this area, because they operate in regulated sectors such as banking, insurance, medicine and pharmacy. Some businesses have already been affected by cyberattacks and become more aware of the issue. But still there are companies that do not know whether they should invest in security features, considering the scale of their operations.

Each CEO or company owner wondering whether to treat cybersecurity seriously should answer one basic question: which data in the organisation constitute its competitive edge, where such data are stored and how well they are protected. A company that uses intellectual property as its main competitive advantage should be particularly careful with its resources. R&D results, prototypes and patents are sensitive data which can attract cybercriminals. Any disclosure of such data means the loss of competitiveness and of the position on the market, explains Krzysztof Andrian.

Each cyberattack can have long-term negative consequences for the affected company. The loss of customer or employee data generates costs and damages the company’s reputation. By effectively collaborating with the solution provider and treating cybersecurity in terms of a long-term project, one can smartly secure the company’s resources and protect it against the consequences of cybercriminal activity.