This question is always a difficult one. Although the answer is almost certainly a ‘yes’, it is a very difficult thing to measure with any precision. How costly could the damage of a successful data breach be? Well, it could put you out of business for one, or at least lose you your job – and as a result of incidents like these and countless others, organisations are making greater investments in IT security. Indeed Gartner says that worldwide information security spending will grow almost eight percent in 2014 as organisations become more threat-aware. This is mirrored by some of our own research, conducted with Ovum earlier this year, which looked at the the insider threat, showing that 66 percent of organisations are planning to increase IT security budgets as a direct response to this specific type of threat. It’s very important for this spend to be allocated correctly, however, and one would hope that organisations are thinking very carefully about what technologies best defend data at a time where preventing any kind of malicious network ingress is proving frankly impossible.
It does of course help to justify spend in as many ways as possible – you and your business need to know that you are getting as much value as possible for the money spent on security measures. Gartner has proposed some useful ways in which to understand and communicate the benefits of security to the business. This ranges from formalising risk and security programs (as a way to introduce performance measurability) to linking risk initiatives to corporate goals. Risk is a key concept here, with Gartner stating that return on investment is not a good indicator because risk does not return a tangible dollar for dollar value – “the best way to win executive support is to demonstrate business value”.
This is very interesting as it corresponds with a lot of the feedback that we receive from our customers who tell us that, increasingly, security is acting as an enabler to the broader business. Take a trend like cloud computing – the cost, efficiency and scale benefits are undisputed, but the security concerns remain, exacerbated by the likes of the recent iCloud hack. Well, what if you could better address those concerns? What if you could make greater assurances that cloud data will remain defended even in the event of a breach? The security measures that answer these questions actually start to transcend the literal defence of data to become a fundamental element of enabling business progression.