    March 4, 2019

    How to Determine (And Stick To) a Cybersecurity Budget

    You have to spend money to protect money. Wait a minute…that sounds different than what we’ve heard before.  Isn’t it supposed to be “You’ve got to spend money to make money”?

    And therein lies the problem. Members of the C-suite, such as the CIO and the CISO (Chief Information Security Officer), have been fighting this uphill battle for years. It used to be the CEO and the CFO themselves that would put up roadblocks, but fortunately, most have come to accept that there are different rules for data, information, and cybersecurity.

    Now it just remains to convince the board members not to demand return on investment (ROI) before they hand out cybersecurity budgets. Some of these folks on the board are completely fixated on the antiquated notion of an ROI every time a dollar goes out the door.

    What they fail to grasp, and what you must make them understand, is that data security is not about creating income. It is about preserving the income you have already generated. The so-called “Return” on this investment is protection of profits already gained; protection of reputation, so customers will continue to do business with you; and protection from federal fines.

    “We can’t afford it” isn’t an acceptable answer. Breach = Fines = Profits Lost = “Can’t afford it” = Breach = Fines = Profits Lost = eventual bankruptcy… It’s a death spiral for a company until someone is finally willing to say: “We have to afford it” so as to protect their own interests.

    Cybersecurity Spend vs The Cost of a Breach

    It may have taken the manipulation of millions of dollars to create a profit in the hundreds of thousands. Yet all it takes is one federal fine because of a data breach to wipe out all of it in a single stroke.

    In the healthcare industry, the average cost per client record stolen now stands at $408. If a hacker steals 10,000 records, that’s $4,080,000 gone, just like that.

    When your donors hear about that, they are going to wonder “Was that most of my five million dollar donation?” and then ask themselves if it is worth donating again. Of course there is more to it, just in terms of loss of public confidence, and the consequent loss of business.

    One Swedish healthcare advice line stored 2.7 million patient phone calls, dating back to 2013, on an open server. Do the math. When the exposure was discovered in early 2019, only 55 call files out of the 170,000 hours of records had been illegally downloaded, by seven different IP addresses. Once the breach was discovered, the server was immediately shut down.

    Of those 55, nine contained Personally Identifiable Information (PII) and 16 contained phone numbers. Remediation was undertaken, but the biggest cost was the immense decrease in the number of callers to the MediCall Helpline. Is that a risk you’re willing to take?

    In-house Cybersecurity is Expensive

    Having your own security information and event management (SIEM) system and a security operations center (SOC) running 24 hours per day is a huge expense, with plenty of salaries, plus huge equipment costs. It is generally beyond the cybersecurity budgets of all SMBs, and challenging even for smaller enterprise firms.

    Instead of being obliged to go to the board with hat in hand, looking for “X” number of dollars in an effort to protect their profits, you can engage Blumira to provide that protection externally, through the cloud, with an 80% reduction in the cost of doing it on your own.  

    If you go to the board and say, “I need to hire ‘X’ number of expert workers and spend ‘X’ number of dollars annually, or I can spend just 1/5th of that to contract the work out,” what do you think they will elect to do?

    Better yet, it saves an immense amount of time because you don’t have to locate and hire workers. You could be up and running faster than you could hire a single person yourself. Plus you get top-qualified talent protecting your business for five years for the same cost as doing it alone for just one year!

    Affordable Solutions For Your Cybersecurity Budget

    There are very few bargains in the cybersecurity game. Blumira was developed so that companies don’t have to compromise security features for affordability. This is one of those rare opportunities where “everybody wins.”

    Blumira gives you effective threat detection and response capabilities at a price point you can manage. You don’t need to invest in additional people, or in expensive equipment. With Blumira, everything is cloud managed, so you don’t need to spend resources to deploy agents onsite when threats are detected.

    Moreover, Blumira takes minutes to set up rather than weeks or months, saving your company the thousands of dollars typically spent on installing your own SIEM and running a 24×7 SOC.

    Try Blumira for free today.

    Matthew Warner

    Matthew Warner is Chief Technology Officer (CTO) and co-founder of Blumira. Matt brings nearly two decades of IT and cybersecurity experience to his leadership position, and a genuine passion for cybersecurity education. Prior to founding Blumira, he was Director of Security Services at NetWorks Group, a managed...
