Recent studies on cyber attacks in the U.S. outline staggering consequences.  For instance,  Datacenter Dynamics recently reported that cyber incidents in 2016 cost 500,000 jobs and over a $100 billion in financial loss to American companies.

But despite what might seem like an intuitive strategy, “fear” of an attack may not incite C-suite executives to invest more in cybersecurity. The problem is that it is “…very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries …are a small piece of the ROI calculation,” according to a recent article in the Harvard Business Review (HBR).

Another challenge in securing budget to protect against cyber threats is that, if the company has not been attacked in the past year, many top executives often don’t see the ROI in further cybersecurity protection.

HBR reports that the C-Suite instead sees cyber security as a “finite” problem versus an on-going issue.  Additionally, top executives may not always understand the need for constant proactive attention such as monitoring, updating of services and more.  Many CEOs may think the current anti-virus/firewall tools in place are “enough” to fortify their organization.

However, despite what many top decision makers may think, most organizations are not prepared as they should be.

The Hiscox Cyber Readiness Report 2017 found that 53 percent of the companies assessed were ill-prepared to deal with a cyber attack, and just 30 percent were rated “expert” in their overall cyber readiness.

So how should C-Suite executives approach the allotment of more budget to reinforce an organization’s cyber safety?  HBR writes that organizations need to focus on cybersecurity as a “risk management, not risk mitigation…” proposition.

Grasp the PR Fall-Out in Plain Terms:  

  • HBR writes that many IT executives often speak in technical terms like “packet loss” when trying to secure additional network security budget — which doesn’t usually motivate non-IT personnel. Instead, HBR advises that IT experts outline the specific ramifications of a cyber incident in more plain terms such as the potential “PR fall-out.”  This can include outlining how a data breach could promote unwanted negative media attention – thus shaking the confidence of customers, investors and other key stake-holders.

Outline the “Hidden Costs” of a Cyberattack:  

  • Deloitte writes that there are several “hidden costs” of a cyber attack that many CEOs and other key decision makers are not always aware of:
  • Insurance premiums will rise. According to Deloitte “…it is not uncommon for a policyholder to face a 200-percent increase in premiums for the same coverage, or possibly even be denied coverage until stringent conditions are met following a cyber incident.”
  • Loss of intellectual property. Deloitte writes that the loss of IP is a “…intangible cost associated with loss of exclusive control over trade secrets, copyrights, investment plans, and other proprietary and confidential information…” that can lead to loss of competitive advantage, revenue and more.
  • Increased cost to raise debt. Deloitte cites that “…increased cost to raise debt occurs when, as a result of a drop in credit rating, the victim organization faces higher interest rates for borrowed capital, either when raising debt or when renegotiating existing debt.”


DiamondIT can help you fortify your organization’s network against those that would do you and your business harm and deliver the secure IT solutions your company needs.