Skip to Content

Budgeting for cybersecurity requires a new approach

September 14, 2021 Article 1 min read
Raj Patel

Cyberattacks are surging. In CFO, Raj Patel discusses why the time has come for companies to forget traditional budget approval processes for cybersecurity strategy and instead focus on three key areas for corporate spending.

Business professional walking down a walkway.When a country sends its army to war, it does so based on a plan to win, not on fitting a predetermined budget.

But when it comes to the virtual cybersecurity battlefield, CFOs too often take the opposite approach, leaving their companies unnecessarily exposed. Their spending on cyber defense is shoehorned into a rigid budget plan rather than guided by a genuine assessment of security needs.

Cybersecurity spending needs to be treated differently because of the excessive damage that a successful attack can inflict. A million dollars saved now can easily cost $25 million later when a ransomware attack breaks through a company’s defenses or a phishing attempt results in a leak of sensitive customer data. Even if a company has cyber insurance to mitigate the direct financial costs, a successful attack can still lead to major reputational damage, lost customers, and hefty legal fees.

Related Thinking

May 13, 2022

Are your internal controls still effective? Find out with our SOX compliance checklist

Article 3 min read
May 4, 2022

Third-party relationships: Due diligence guidance for community financial institutions engaging fintechs

Article 4 min read
April 11, 2022

Five benefits of cloud-based disaster recovery

Article 5 min read