How Financial Insights Inform Security Strategies

It’s time for organizations -- their boards in particular -- to take the initiative to understand the cost of a security breach and the financial benefits of doing cybersecurity right.

Chris Hetner, Customer Security Advisory Council Chair, Panzura

August 23, 2023

4 Min Read
Data breach illustration, a thief running away with secure information illegally hacked from computer
Nanzeeba Ibnat via Alamy Stock

Gone are the days of cybersecurity being a fringe function on the outskirts of business. The cyber threat landscape has now evolved to the point where data breaches are an ever-present threat, and attacks on a company’s network are simply the cost of doing business. Cybersecurity can no longer operate on its own island but must be fully integrated into every facet of business to ensure data is safeguarded and endpoints secured.

The need for a more holistic, top-down approach to cyber resilience has beenechoed by the Securities and Exchange Commission (SEC), which enacted new regulations this year requiring companies to openly report serious cyber incidents and explain who on the company’s board is ultimately responsible for dealing with it. This call for board oversight on matters of cybersecurity is designed to increase the burden of responsibility when it comes to dealing with cyberattacks, prompting organizations to take their data security strategies more seriously and share intelligence in the event of a breach. It's a bold move, and perhaps long overdue, and it's absolutely necessary when it comes to strengthening the overall risk posture of businesses amid the rising tide of cybercrime.

According to a recent report by theWall Street Journal, 90% of corporate boards are notready for the new SEC regulations. That means CISOs and their teams are now mobilizing and reevaluating their data security strategies, both to make those strategies more accessible and transparent, and make sure investments in cybersecurity are maximized. They understand that proactive mitigation is more important than reactive remediation, but businesses cannot make that leap with basic cybersecurity tools alone. They need to plan ahead, know where to focus their cybersecurity resources, and develop an in-depth understanding of how the return on any cybersecurity investment is going to pan out. That is where financial insights come into play.

The Power of Financial Insights and Cybersecurity

As cyberattacks grow in frequency and sophistication, businesses have been waking up to the fact that focusing on risk posture and resilience is more important than having simple defense mechanisms in place. In 2021, more thantwo-thirds (66%) of businesses were hit by a ransomware attack. That’s a 78% increase from the previous year, with damages incurred total costs of around $20 billion. While robust technological measures and cybersecurity protocols remain essential, it is equally important to leverage financial insights to strengthen any data security strategy. By combining financial knowledge with cybersecurity practices, organizations can make informed decisions to protect their valuable assets and mitigate potential risks, instead of chasing down threats.

Let’s explore the financial insights that can make a material difference to an organization’s data security strategy:

Understand the cost of data breaches

By analyzing the financial impact of previous security incidents, organizations can gain a better understanding of the potential consequences and allocate resources accordingly. This information helps to justify investments in data security measures, such as encryption tools, employee training and incident response plans, by highlighting the potential financial losses associated with a data breach. In addition, having robust data management and recovery tools in place can  help to mitigate potential losses in the event of breach, while lending more  to investment in key areas.

Evaluating return on investment

Using financial insights, organizations can assess the ROI for their data security expenditures. By evaluating the cost-effectiveness of security solutions and technologies, organizations can make better-informed decisions about allocating their budgets. A thorough financial analysis helps identify the most cost-effective security measures that provide the highest level of protection for the organization's sensitive data.

Incorporate risk management practices

A financial perspective also can play a crucial role in developing an effective risk management framework for data security. By assessing the potential financial impact of security incidents, organizations can prioritize their efforts and allocate resources to areas that pose the highest risks. Financial models and risk assessments enable organizations to quantify the potential losses associated with breaches, helping them make data-driven decisions to mitigate risks and protect their financial assets.

Compliance with regulatory requirements

Organizations need to understand the financial implications of non-compliance with data security regulations. Failing to comply with industry-specific regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), can result in significant financial penalties. By analyzing the potential fines and legal costs associated with non-compliance, organizations can ensure their data security strategies align with regulatory requirements, avoiding costly consequences. It also pays to know precisely who is accessing company data and from where in order to mitigate insider threats within an organization.

Evaluate cyber insurance policies

Financial insights also can aid in assessing cyber insurance needs and selecting appropriate policies. By analyzing the potential financial impact of a data breach, organizations can determine the amount of coverage required to mitigate losses. Understanding the financial aspects of cyber insurance policies allows organizations to make informed decisions when negotiating coverage, ensuring they are adequately protected in the event of a security incident.

Organizations need to view data security as a strategic imperative rather than a simple IT issue. By leveraging financial insights, organizations can empower themselves to make informed decisions, allocate resources more effectively, and protect their sensitive information and financial assets from the ever-expanding threat landscape. 

About the Author(s)

Chris Hetner

Customer Security Advisory Council Chair, Panzura, Panzura

With over 25 years of experience as a cybersecurity expert, Chris Hetner is recognized for raising cyber risk to the C-Suite and Board level to protect industries, infrastructures, and economies worldwide.

He served as the Senior Cybersecurity Advisor to the Chair of the United States Securities and Exchange Commission and as Head of Cybersecurity for the Office of Compliance Inspections and Examination at the SEC.

Currently, Chris is Chair of Panzura’s Customer Security Advisory Council, which provides education and awareness around data resiliency with a mission of advancing business, operational, and financial alignment to cybersecurity risk governance. Panzura is a leading hybrid multi-cloud data management company.

Additionally, he is a Special Advisor for Cyber Risk to the National Association of Corporate Directors, Chair of Cybersecurity and Privacy of Nasdaq Insight Council, and a Member of the Board of Directors at TCIG.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights