The Business Case for Security

The Cybersecurity and Infrastructure Security Agency (CISA) has created a resource intended to assist security staff with making the business case for security improvements, for both physical and cyber, to senior leaders and other personnel who control budgets. It provides statistical data on common physical and cybersecurity challenges, as well as suggestions for first steps and resources to assist organizations in bolstering their security postures. For example, it notes that physical security incidents can result in a 50 percent decrease in productivity, a 20-40 percent employee turnover, and a $500,000 out-of-court settlement. For cyber, it notes that attacks can be especially costly and relates that only 35 percent of small to medium-sized businesses could remain profitable if they lost access to essential data. Making a successfully business case ultimately depends on having and leveraging an in-depth understanding of an organization’s specific vulnerabilities, operational priorities, and the return on investment provided by security improvements, as CISA emphasizes. Access the resource at CISA.