Every business understands their website is a vital building block to establishing an online market presence. However, when it comes to website security, few understand the need or simply feel their company is not at risk.
To make a business case for web security, one must define the target, detail the impact of a hack, outline the mitigation cost and examine any additional benefits of proactive website security. This article will examine those areas to help assist in making a business case for cybersecurity.
Define the target
The headlines often focus on cybercrime against larger organizations, but everyone is a target.
According to a 2015 Duke University/CFO Magazine Global Business Outlook Survey, more than 80 percent of U.S. companies overall have been successfully hacked. Smaller companies (those with fewer than 1,000 employees) were more vulnerable, with 85 percent saying their information systems were compromised.
The Duke Survey isn’t alone in highlighting the target on small companies.
According to Keeper Security’s “The State of SMB Cybersecurity” report, a staggering 50 percent of small and midsized organizations reported suffering at least one cyberattack in the last 12 months.
To determine if an organization is a target for an attack, they must only answer a few questions.
- Does my organization have any electronic data?
- Does my organization maintain a website?
- Does my organization use a website to advertise services or conduct lead generation?
If the answer is yes to any of these questions, then the organization is a potential target for cybercrime.
Impact of a hack
Each year hundreds of businesses, both large and small, experience the theft of confidential information.
These security incidents are often a death blow to an organization, with the U.S. National Cyber Security Alliance estimating 60 percent of small companies go out of business within six months of a cyberattack.
Furthermore, according to the Ponemon Institute, it costs small businesses $690,000 on average to recover from a cyberattack, and for middle market companies, more than $1 million.
An effortless way to calculate a company’s potential cost is by looking at the average cost of a record hacked and multiplying by the total number of customers on file. Ponemon estimates the average value of a record is $158. So, in a small business with 1,000 clients the potential cost is $158,000.
This number factors in both the direct and indirect costs of a hack. Ponemon found the direct cost of a hack in the U.S. was about 34 percent of the total cost of cybercrime. The other 66 percent was associated with indirect costs.
A direct cost is the actually money that is spent as a result of a breach. Examples of direct costs include investigating and fixing the cause of a breach, notifying those impacted and potentially replacing stolen money.
An indirect cost is inherently more difficult to measure, because there is not a direct cash expense. Types of indirect costs include loss of reputation, loss of customers and website down time. The 2017 Cisco Cyber Security Report states 20 percent of organizations lose customers due to an attack, 30 percent lose revenue and 25 percent lose business opportunities.
Cost of Protection
In smaller companies, hacks are typically more likely to occur because the business owner doesn’t have the time or expertise to implement security solutions. However, in today’s market there are scalable solutions available that fit the needs and budgets of organizations of all size and complexity.
These solutions include website scanners, web application firewalls, professional security services, data encryption and more. At a minimum, a company should utilize a scanning technology to detect potential issues such as malware and security vulnerabilities.
According to the Ponemon Cost of Data Breach report, the longer it takes to find and resolve a breach, the costlier it is for an organization. Breaches identified in fewer than 100 days cost companies an average of $1 million less than those that take more than 100 days to be discovered.
Value adds of website security
In addition to mitigating the potential direct and indirect cost associated with a website attack, an organization can also utilize the value adds of website security to help bolster the business case.
These benefits include improved reputation and increased site performance.
To improve reputation most website security solutions will provide the user a badge, notifying visitors that the website is safe and secure. These badges, often called trust indicators, are proven to help increase website conversions.
To improve site performance, website security solutions minimize needless code, remove speed sapping malware and deploy websites on a top-tier content delivery network. More than ever, this extra performance matters. According to a research report published in 2016, by Google owned Doubleclick, sites that load in 5 seconds vs 19 seconds observed: 25% higher ad viewability (and) 70% longer average sessions (and) 35% lower bounce rates.
Help your case
In conclusion, implementing website security solutions will not only protect your website from the harm of a cyberattack, but also boost site performance and trust. Utilizing these facts will help to build a strong business case for cybersecurity in your organization.
To get more information on making the case for website security in your organization, give us a call at 877.456.0634. We will walk you through solutions tailor fit to your organization and provide a complimentary quote.