Budgeting for cybersecurity requires a new approach
Cyberattacks are surging. In CFO, Raj Patel discusses why the time has come for companies to forget traditional budget approval processes for cybersecurity strategy and instead focus on three key areas for corporate spending.
But when it comes to the virtual cybersecurity battlefield, CFOs too often take the opposite approach, leaving their companies unnecessarily exposed. Their spending on cyber defense is shoehorned into a rigid budget plan rather than guided by a genuine assessment of security needs.
Cybersecurity spending needs to be treated differently because of the excessive damage that a successful attack can inflict. A million dollars saved now can easily cost $25 million later when a ransomware attack breaks through a company’s defenses or a phishing attempt results in a leak of sensitive customer data. Even if a company has cyber insurance to mitigate the direct financial costs, a successful attack can still lead to major reputational damage, lost customers, and hefty legal fees.