- Companies aren’t investing strategically in security because nobody really understands the full cost of cybercrime and it’s extremely difficult to measure risk accurately.
- Getting investors to prod companies to take security more seriously could change that paradigm.
Here’s a thought: Why isn’t security considered a strategic investment? And could the thinking evolve over the next few years to come around to that conclusion? After all, we continually hear about how security has become a board-level issue. And CISOs are getting more airtime with the board than ever before. I think there are two main stumbling blocks to getting there, and neither is easy to overcome.
First, it’s impossible to measure the true cost of cybercrime. Last month the Center for Strategic and International Studies released a report sponsored by Intel/McAfee that pegged the global cost of cybercrime at anywhere between $375 billion and $575 billion. Of that loss, $200 billion was attributed to the U.S., China, Japan and Germany. I personally think that those figures greatly underestimate the total economic losses that result from cybercrime because they don’t take into account all the factors that make up a loss, and because a lot of breaches in which intellectual property or other valuable data are stolen are never reported.