Have you heard of Fort Point in California USA? Built in 1861 it cost huge amounts of money to build, maintain, keep supplied and running. Yet it was never actually used to provide any protection.
The same thing can and does happen with Cyber Security. No-one has a crystal ball to see the future so figuring out which protection is actually going to provide protection is not simple.
At the end of the day the Cyber Security has to be protecting something of value, and hence the cost to protect it should be smaller than the value that is being protected. So if we use the value as a simple benchmark we can firstly determine if the value justifies the cost. The percentage will vary from industry to business to country, but as a very rough guide we would expect the costs for Cyber Security to be between 1% and 15% of the value. As an example, if the annual revenue of a business is $1million then you should be spending at least $10,000 and up to $150,000 a year on Cyber Security.
Using this as a guide if you are spending less than 1% then you don’t have enough Cyber Security protection and you are sitting on a ticking time bomb before you are hacked. If you are spending more than 15% then you should look to figure out which Cyber Security measure is costing the most but providing the least value and review that Cyber Security benefit.
The other way to look at it is to map the currently implemented Cyber Security Protection measures to leading international cyber security standards such as ISO27001 and figure out the gaps and overlaps. This can help identify where you have too much protection and where you don’t have enough.
Either way when you are thinking about Cyber Security have a chat with the Cyber Security Experts at Vertex. Vertex deal with Cyber Security everyday including protecting what is actually blocking cyber attacks. Vertex can help with your decision process and make sure that you have all the facts.