June 21, 2016

CEO, don’t save yourself to death!

Markus Melin

Head of Tieto Security Services, Tieto

Keeping the company’s digital assets secure should be the CEO’s top concern, and security should be given enough funds to run smoothly.

"A penny saved is a penny earned". This tried-and-true saying is the motto for many a CEO. In modern business, there is a constant need to save money and make work more effective and productive.

This is, of course, very reasonable. Organisations need to evolve constantly, and one way of achieving this is to look for processes that can be improved and costs that can be cut.

However, deciding where to save is tricky. Marketing is crucial, as well as research and development, customer service, and IT operations. Every department is sure to fight for any penny they can get.

It might be all too tempting to take a closer look at security functions and cut back in that department. After all, security is not something that generates additional turnover or goodwill, right?

Wrong. Security is one of the most critical drivers of success for any company.

Out of sight, out of mind

Security is one of the most undervalued functions in an organisation. Security recruiter Matt Comyns said in an interview with CIO that many companies are in denial concerning cyber security, and the US Treasury Department’s report describes the situation bluntly: "[C]ompanies still underinvest [in security research] for reasons of cost or perception that existing threats do not warrant additional investment".

Security’s problem is that when everything works smoothly and the problems are kept at bay, it doesn’t show in any concrete way. Business just jogs along as usual and everything is hunky-dory.

A common misperception among companies is also that there isn’t anything important to steal, so why bother with investing in security. In fact, many top managers seem to make a point of downplaying the value of their data. Wishful thinking, perhaps?

Wrong again. You don’t want to wait for a breach to happen to realise that security needs to be sufficiently funded. The costs are going to be much higher if the company starts to implement good security only after the incident has happened. Sloppy security is bad for the reputation of the company as well as for the bottom line. The Ponemon Institute reported that one breached record costs a company $158. How much is spent on mitigation through risk-based budgeting?

Keeping the company’s digital assets secure should be the CEO’s top concern, and security should be given enough funds to run smoothly. Otherwise, CEOs must change their motto to "penny-wise and pound-foolish".

