How To Present Cyber Security Challenges to Department Leaders to Prioritise Future Technology Investments
If there’s one thing you can be sure of when it comes to cyber security, it’s that you can never be sure of anything. The cyber security landscape has never been more hostile or complex, and changes to the working world brought about by COVID-19 have introduced risks that all organisations need to mitigate.
The hybrid working world of 2022 looks very different to the office-centric world we left in 2020, and technology has been instrumental in facilitating our new hybrid working lives. But as our working patterns have changed, so have the threat vectors through which hackers can target us to launch damaging cyber-attacks.
In order to protect ourselves and our organisations, we need to adapt our cyber security postures accordingly. This involves investment. But buy-in for this investment can be difficult to obtain if your department leaders see cyber security as a cost they could do without – or if they believe they lack the budget to address the issue in the first place.
If this is something you are struggling with today, the best way to get your department leaders on board may well be to present cyber security challenges through a cost-benefit analysis approach. In this blog we’ll take a look at the true cost of cyber-attacks, and explain how a cost-benefit analysis approach is the best way to get the investment you need to address them.
When calculating the cost of cyber-attacks to departments, there are typically three areas that are measured: cost to fix, productivity loss and reputational damage. We’ll run through these one at a time.
These key areas are essential considerations when calculating the true cost of cyber-attacks. However, if they still feel a little intangible, we’ll take you through a costed example in the following section.
Consider an outage at a 50-person office that lasts one day. If the average annual salary in the office is £30,000, one day of downtime will cost the business over £11,400, factoring in a drop in efficiency of 50% for two days.
With ransomware attacks, you should consider the impact both of downtime and of the need to roll back for an extended period. Recovery from a ransomware infection requires either identification of the time of infection or, more commonly, the recovery and testing of multiple restore points until a clean environment is confirmed.
Let’s say that a ransomware infection impacts a finance system, affecting a team of five users. For our example, the average salary of each staff member is £35,000 per year. It would not be uncommon for the recovery window of such an infection to cause three days of downtime, during which systems are rebuilt and tested, until at last a clean recovery point is found from a week ago.
For the next two weeks, the finance department not only has to recover from three days of outage, but has also lost the previous week’s work. The efficiency of the team is impacted: the department must continue to process the normal day-to-day transactions while also spending a considerable amount of time over the next two weeks identifying and reproducing the lost work. The total cost to the organisation is £6,700 for three days of outage only affecting five members of staff!
Put in these terms, the preventative costs of investing in cyber security suddenly don’t seem so extensive when compared to the cost to recover. Let’s now take a look at how presenting cyber security challenges through a cost-benefit analysis approach will help you achieve the investment you need.
A cost-benefit analysis is a method used to evaluate a project by comparing its losses and gains — essentially a quantified and qualified list of pros and cons. Undertaking a cost-benefit analysis is a great way to assess projects because it reduces the evaluation complexity to a single figure. As you can imagine, this makes a cost-benefit analysis an invaluable tool when it comes to explaining the intricacies and selling the value of a robust cyber security strategy to your department leaders.
One of the most important things to emphasise in your cost-benefit analysis is the trade-off between paying to prevent a mess versus paying to clean up a mess. A recent Cabinet Office report stated the estimated cost of cybercrime to the UK economy is a whopping £27 billion. And when it comes to individual attacks, a Sophos survey in April 2021 found that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021.
Of course, investing in preventative cyber security measures also comes at a cost. Research firm Gartner forecast that global spending on information security and risk management services will reach $150.4 billion in 2021 – an increase of 12.4% from 2020.
In this context, one thing remains crystal clear: for most organisations, the cost of prevention pales in comparison to the cost of a breach. So how do you apply a cost-benefit analysis to get department leader buy-in for your cyber security strategy?
Adopting a cost-benefit analysis approach is all about determining the risks you are willing to accept and comparing the costs of those risks against the benefits. This involves thinking about the direct and indirect risks you face, as well as the direct and indirect costs that could arise as a result of taking these risks. Examples of each include:
It’s helpful to think about both direct and indirect factors when adopting a cost-benefit analysis approach. For instance, you might compare:
Developing a cost-benefit analysis approach involves coming up with options that you could undertake to achieve your project’s objectives — so you’ll want to keep breaking things down and playing with various risks, costs and outcomes. This leads naturally on to a discussion around whether existing cyber security resources are optimally deployed.
In many cases, analysis by Six Degrees has enabled organisations to rationalise security services. This delivers not only better cyber security, but proportionally reduced cost that can pay for the implementation of new capabilities. You can read more about our work with central government by visiting our centralised central government hub.
Risk management is all about managing uncertainties. When it comes to preventing costly cyber-attacks, there’s significant value to be found in investing upfront in order to avoid paying a higher price later.
The good news is that today’s executives report being more open to new cyber security strategies than ever before. In 2020, 50% of executives said that they were willing to consider cyber security as a factor in every business decision (compared to only 25% the previous year). Use this as an opportunity to build foundations that will help create a sustainable and safe future.