IT Security: Justifying the Investment

By Emma Crawford

We’ve all witnessed how fast cybercrime has increased in recent years. Whether it be from a malicious attack or human error, critical information loss is becoming a common problem for organisations globally. Anyone can be a victim – from the individual credit card holder to large corporations and government departments.

Yet, despite the almost daily news reports of companies suffering a breach or attack, the task of defending IT systems can often sit way down the list of bosses' priorities.

A common belief in SMEs is that they do not have anything worth stealing, while others may not understand the technical implications. With larger organisations, it’s sometimes the case that the board of directors do not participate in key information or IT security strategies – which can make it tricky for IT managers when asking for investment funds. Even for those companies who do place high emphasis on cyber security, only 51% of organisations have actually taken recommended actions to identify risks*.

Another common tendency is to struggle to see the value in spending money on security when the organisation has been fortunate enough not to have been affected by a breach yet. Others may have become a victim of their own success; if the systems they already have in place have kept the organisation safe, management may be lulled into believing that no threat exists.

Justifying investment

It’s important to show that the money spent on IT security has been well spent. Only 26% of businesses report that their senior managers aren’t told about actions taken around cyber security*. This highlights that a minority of senior managers do not directly engage with cyber security within their organisations and may be divorced from the actions that are being taken, even if they think the topic is important for their business.

There are several reasons why organisations invest in cyber-security. These include:

Protection of company owned and customer data
Protection of intellectual property
Business continuity
Effect of downtime on the organisation

October 2015 saw a massive cyber-attack against TalkTalk. 150,000 customer details were hacked, including 15,656 full bank account numbers and sort codes. The hack cost the company £60 million and lost it 95,000 customers.

In June 2016, the University of Greenwich suffered its second data breach in just 6 months. It was reported that a hacker managed to get access to the university’s website, stole personal and confidential data, and uploaded details onto the internet.

In November 2016, Tesco Bank halted online payments for current account customers after hackers took money from 20,000 accounts. It is unclear what the long-term effects will be for Tesco, but share prices dipped 1% in the days following, amid fears that the brand could be damaged by the breach.

Creating a security-aware culture

Awareness can also be invaluable in creating a security-aware culture within organisations. Implementing security technology is only half the battle. Many companies fail to understand the value in arming staff with the knowledge to help prevent breaches. By implementing and monitoring an appropriate awareness programme, the security function can become part of everyone’s job.

The list of cyber-breaches just this year is a long one, and with the number of breaches increasing year on year, there is a clear argument for why all organisations should invest in proactive and preventative cyber-security measures.

For a free review of your organisation's current cyber-security measures, please call us on 01284 700015 or email

*statistics from the Cyber Security Breaches Survey 2016
