The Rising Costs of Cybersecurity: Is It Worth It?

Yet many have remained complacent. In the U.S. alone, approximately 64% of Americans never check to see if they have been affected by a data breach, and about 56% do not know what steps to take in the event of a data breach. These figures all alarmingly highlight a pervasion of a view that ‘this will never happen to me’ and a lack of knowledge on the importance of information security in general. However, while complacency towards cyber threats is a major problem, the critical factor here is the workforce. Many of those who interact with data and security issues daily have been reported to not understand their role or are simply underskilled.

A cybersecurity MBA becomes a pivotal tool to relieve the skills crisis and talent shortages in the IT security chain workforce, and for small to large businesses alike to feel at ease when confronted with cyber threats. Cybersecurity should not be viewed as a cost but also as a necessary investment for a business’s livelihood and survival.

Evolving threats require flexible solutions

Cybersecurity is not static as the cyber threat landscape is an ever-evolving space. Novel threats and attacks emerge continuously and businesses need to adapt if they wish to protect their interests and security. About 10 years ago, ransomware and trojan attacks were all the craze, and now 10 years later there has been an alarming growth in AI-based attacks, social engineering attacks, and the exploitation of 5G technology loopholes.

This evolution and escalation of threats requires an equal response in defense. On one hand, the cybersecurity field has continuously developed and adapted new strategies to counter these new threats. The Microsoft Digital Defense Report in 2022 reported that the Microsoft company had blocked more than 70 billion threats and synthesized 43 trillion signals daily through data analytics and AI algorithms.

On the other hand, however, the majority of businesses are still largely unwilling to invest in cybersecurity due to costs and underskilling. While 83% of businesses in the U.S. see security risks as a threat to business growth, only 43% of large businesses place cybersecurity as a top-three priority for investment; and only a further 29.8% and 36.2% for small and medium businesses respectively.

Talent is just as important as technology

Investing in cybersecurity is not just in the technology, but also in the talent. A business can have as many sophisticated technological solutions as it wishes, yet when merely one person in the business inadvertently discloses confidential information to an attacker, all of it is rendered useless. According to Verizon’s 2023 Data Breach Investigations Report, more than 74% of data breaches were due to human error, which includes social engineering, direct error, or misuse.

Cybersecurity has admittedly become more expensive over the years, but there are still always cost-effective security pathways for investment. Sometimes, the root cause is as simple as for the business to have awareness. This awareness also consists of a further awareness of the need to cultivate cybersecurity talents. Beyond the degree, lifelong learning should be a cardinal principle for businesses. This consists of offering periodic training, workshops, and opportunities for cybersecurity employees to ensure that they are continuously upskilled and are always ready to confront these evolving threats.

Investing in cybersecurity talent and relieving shortages in the industry can also ensure adequate staffing and significant improvements in work-life balance for employees. 80-plus hour work weeks, an expectation of work-from-home research and study, with added constant work stress, are all constituting factors to the field’s current crisis. Yet if more businesses choose to invest in cybersecurity, there will be far more equitable distributions of workloads amongst IT security employees, which would lead to far greater productivity and lower turnover rates.

Incidents of data breaches and cyberattacks not only lead to financial losses for businesses but also significantly harm brand reputation and trust in the business amongst customers. Businesses are also inadvertently violating the law if data from consumers is not disposed of within a specified timeframe – and if these are breached by a cyberattack, that business may also be at risk of being subject to legal action. Given that data breaches have overwhelmingly been caused by human error, the urgency of investing in and cultivating new and existing cybersecurity talents is paramount.

The costs of not investing and investing in cybersecurity

Boasting about information and data security is an important marketing tactic for competing businesses today. As cyberattacks and data breaches are seen every day across news headlines, consumers too have grown more and more conscious as to which businesses they would entrust and not entrust their private information and data to. Just one single breach can destroy a business’s reputation amongst customers, as well as deter future would-be customers. The costs for the business therefore are not just the repair of damaged IT systems anymore, but also major revenue losses.

The cost of investing in cybersecurity dwarfs in comparison to the cost of constant data breaches. Recovery from a cyberattack can lead to hundreds of thousands for smaller businesses and tens of millions of dollars for larger companies. The cost of investing in cybersecurity – despite being more expensive in recent years – still remains lower than the previously mentioned average cost of US$4.45 million caused by data breach attacks. For small to medium businesses, an annual cybersecurity investment budget ranges from US$500,000 to US$2 million; and for larger businesses, it is usually greater than US$2 million.

If businesses prioritize cybersecurity investments and equip themselves with the knowledge and talent they need, it will ensure that one will have a solid foundation to confront attacks from both internal and external malicious actors. If businesses do not prioritize and choose not to invest in cybersecurity, one is left unprotected in this daunting reality of incessant cyber threats with the risk of losing the business entirely.

Cybersecurity is not just an addition, but a fundamental bedrock of modern business. By leveraging technology and nurturing future talents, businesses must abandon their complacent attitudes and recognize that cybersecurity is vital for growth and survival. It is an investment that is worth making as it is the only investment that will give true peace of mind for the present and the future.