Security Economics
by Ionut Ionescu - Director of Security Services, Nortel (EMEA) - Wednesday, 29 August 2007.
The main idea we need to tell our clients is that security can be a business enabler and not just an “IT cost,” Let’s stop viewing information security through the prism of fear and start to quantify it and, more generally, technology risks and threats in economic terms. At the end of the day, buying decisions are made by business people and not necessarily by technologists, so security investment decisions must make business sense in order to be adopted.

We need to articulate the economics angle whenever we buy or sell security. This should enable us to make rational (economics-based, rather than fear-based) decisions when it comes to security. Let’s not allow fear or the latest technological fad to cloud our judgment. We can and should place economic value on security measures, be they technology, people or processes. If we adopt an economic approach, we can demystify Information Security and make it a friend of the organization. This should benefit both the ‘buy’ and the ‘sell’ side of the market.

Next time you turn on your system at work and it asks you to change your password, you know you’re facing an economic decision. It is always cheaper to comply than to clean up after a security incident. The economic benefit of complying with the security policy will accrue to both you and your organization. Then, you can concentrate on doing what you do best, knowing you’ve done “your bit” to keep your information safe. You know it makes (economic) sense.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th