Cybersecurity and Costs

Cybersecurity Costs

By Charles Parker, II

I have consulted with a company recently. They were reviewing the ISO27001:2022 certification. This,

depending on the circumstances, could be a heavy lift or not too bad. This is entirely dependent on the

environment. After the initial review and recommendation, the first comment was the business didn’t

have the budget for the tools, staffing or anything. This left me a bit confused, as the certification

process is not inexpensive.

This reminded me of the budget process. The C-level and senior management don’t at times understand

security’s role. They instead think like an accountant and try to arrive at an ROI (Return on Investment).

This has the propensity to be very difficult. When you try to commoditize this, there are problems.

When I hear this, my thoughts run to how much would a network compromise cost with the additional

ransomware thrown in for good measure, even with cybersecurity insurance? How much would it cost

for your connected medical devices to be breached and malicious code put in the firmware, with three

or four patients feeling the effects?

There are the direct costs, of course, but also the indirect cost of reputational risk. These are a few

things to think through.

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries