A new digital trust report has revealed that 27% of business executives view investment in security as having a negative return on investment (ROI). Astonishingly, of the respondents, over three-quarters admitted that they had been involved in a publicly disclosed data breach in the past. This makes the initial statistic difficult to understand, as you’d expect the individuals to have learnt from their previous experiences. However, it seems as though a large percentage have failed to recognise the importance of preventing cyber attacks. If those executives were to get their way, and investment was prioritised elsewhere instead, it would place the business at significant risk.

Limited understanding

One of the major reasons behind executives failing to recognise the value of investing in cyber security is their limited knowledge of the subject. They are more occupied with the profits that are being generated throughout an organisation. In that respect, it’s easy to understand why so many have a negative opinion as investment in security does not directly produce greater profits. Despite this, information security does provide several benefits, many of which are not being considered. Unsurprisingly, only 7% of cyber security professionals agreed with the opinion of a negative ROI being produced. This highlights the difference between those who are specialists in the area, and those who are not.

An unfair metric

Judging security investment by ROI is not the appropriate measure. As discussed, it doesn’t bring in any additional income for a business, but it does provide several other major benefits. The cost of suffering a data breach can be substantial for businesses, so investing in loss prevention strategies is vitally important. The potential money saved from repelling a cyber attack is in itself, a varied form of ROI. A significant one at that.

There are occasions where it remains difficult to prevent a breach, even after investing in security strategies, as hackers continue to think of new ways of gaining access to critical systems. However, the investment should still increase the likelihood of you detecting the breach more swiftly, and in return, reducing response times. Security investment may not make you completely safe from suffering an attack, but it can certainly reduce its impact.

Judging security investment by ROI?

Time for a different outlook.