After a year of a divisive political climate, Thanksgiving comes at a welcome time.
Unlike the political arena, or even other divisions of the technology industry, when working in IT security, people rarely notice when everything is done perfectly. When development delivers that great new mobile app that your customers love, they (deservedly) get plenty of accolades. When security delivers new policies that keep up with every industry standard and regulation, there is no cheering. The more likely response is complaining about the changes that will need to occur in response.
So if you’re a security professional who wants to help upper level management understand how much you really contribute to the organization, and why they should appreciate what are often thankless tasks, read on for reasons to cheer on IT teams this holiday season.
#1 IT security saves money
This one might be controversial, as many see security expenses more like insurance – a line item in case something bad happens. But, in today’s threat environment, it’s not a matter of “if” but “when” a disruptive attack will occur. Whatever the upfront security costs may be, the total is probably less than dealing with the effects and recovery of a data breach, pegged at an average of $4 million by the Ponemon Institute. Poor/no security would invite repeated disruptive breaches.
#2 IT security retains customers
The same 2016 Ponemon Institute study revealed that “churn” (loss of customers as a result of a data breach) was highest in the financial, health and service organizations, and lowest in public sector and education organizations. Regardless of what industry you’re in, Ponemon reports that, “The biggest financial consequence to organizations that experienced a data breach is lost business.” Data breaches have a very real effect on customer choices. The more competitive the space, the more likely churn is going to impact customer retention.
#3 IT security improves productivity
While cat videos and social media have been disruptive to the productivity of many office workers, they are nothing compared to the attention that a data breach investigation and recovery effort can command from IT teams, communications teams, and even executive leadership. In a white paper titled, “Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium,” the SANS Institute reports, ““In almost all cases, repairing damaged systems, rolling back to a pre-breach state and replacing/repairing the data were consistently mentioned as high-cost items.” Big breaches are now front-page news – they will occupy a commensurate amount of valuable time and disrupt the productivity of those involved.
#4 IT security will help you keep your job
What do the breaches at the Office of Personnel Management (OPM), Target, and Sony Pictures all have in common? They all cost their CEOs (or director in the case of OPM) their jobs. Increasingly, responsibility for cyber security measures doesn’t just stop with the CISO or CIO, but goes all the way to the top.
# 5 IT security is ethical
Regulations require compliance, and boards are interested in effective demonstration of policies and controls to satisfy auditors. Audit findings are often a public black eye, and it’s tempting to include compliance here in the final slot. But beyond compliance, much of the regulation we deal with as an industry is in place to protect customers, shareholders and employees. Doing the right things to protect their privacy and intellectual property from those who would abuse that information for personal or competitive gain is the ethical thing to do, regardless of whether the regulations require it or not.
So rather than continue to look at IT security simply as unallocated overhead or a tax on conducting business, consider how you can thank the unheralded security professionals in your organization, who in the best of circumstances, go unnoticed.