Skip to Content

Budgeting for cybersecurity requires a new approach

September 14, 2021 Article 1 min read
Raj Patel

Cyberattacks are surging. In CFO, Raj Patel discusses why the time has come for companies to forget traditional budget approval processes for cybersecurity strategy and instead focus on three key areas for corporate spending.

Business professional walking down a walkway.When a country sends its army to war, it does so based on a plan to win, not on fitting a predetermined budget.

But when it comes to the virtual cybersecurity battlefield, CFOs too often take the opposite approach, leaving their companies unnecessarily exposed. Their spending on cyber defense is shoehorned into a rigid budget plan rather than guided by a genuine assessment of security needs.

Cybersecurity spending needs to be treated differently because of the excessive damage that a successful attack can inflict. A million dollars saved now can easily cost $25 million later when a ransomware attack breaks through a company’s defenses or a phishing attempt results in a leak of sensitive customer data. Even if a company has cyber insurance to mitigate the direct financial costs, a successful attack can still lead to major reputational damage, lost customers, and hefty legal fees.

Related Thinking

2021 Year-end Webinar Series


2021 Financial Institutions Symposium


Reimagining healthcare: The state of staffing and remote work in acute care

Webinar 60 min watch