Financial benefits of cyber security

How can security support the business? To answer this question in financial terms, I outline two sides of the story. On one hand, CISOs can demonstrate positive impact on the EBITDA through elevating security capabilities. On the other hand, we can list potential downsides of poor security practices from both revenue and cost perspectives.

It’s not about carrots and sticks, it’s about seeing the full picture of opportunity and risk.

Cost savings

Protect the bottom line through risk reduction and loss avoidance

Reduction in time spent managing security controls and associated overheads

Streamlined compliance effort

Reduction in cyber insurance premiums

Increased costs

Direct breach remediation costs (forensics, cleanup, PR, fines, etc.)

Increased cost of compliance (e.g. PCI DSS), scrutiny from regulators and effort to maintain accreditation

Increased Cyber and IT liability insurance premiums

Increase revenue

Accelerated customer acquisition and retention due to increased trust

Expansion to new markets supported by robust security compliance regime and accreditation

Launch new resilient and secure products

Increased market confidence

Loss of revenue

Partners and customers will likely accelerate their exit after a cyber incident and an inadequate response

Reputational damage will make it harder to acquire new customers and expand into new markets

A mismanaged cyber event will likely decrease the value of the company
