Take the time to work out the cost of an imaginary security breach for your organisation. Suddenly, you will find yourself armed with some compelling and, most importantly, factually based, data to impress your management and fight your corner. Better still, turn the data into a fancy pie chart. That will as good as guarantee results! It seems fair to say that with a little preparation, some policies and procedures in place, and a little discipline during incident handling, a reasonably accurate picture of the damage estimates are easily achievable.

It is much more difficult to put an accurate and realistic figure on many of the other ‘softer’ knock-on effects of a security breach. Something else that must be added in (for companies who use computers as part of their business) is lost revenue. This can vary wildly, depending on the nature of an organisations business. Online retailers, or others whose central business model relies on online sales, will find it easy to calculate loses. Others may not be so concerned.


Loss of reputation is probably the most contentious issue, and the one that the majority of security technology vendors tout as the ‘justification’ for purchasing their products. And don’t forget insurance deductibles. Our friends in TKX have sweaty palms at the very thought. And if you ask me, rightly so.

Predictably, I will end by saying that it pays to invest upfront in IT security, be it technology, training, policy initiatives or prevention mechanisms. In fact, we might even be able to prove it.