Moving a cyber security investment from a necessary evil to competitive advantage

November 28, 2016 by Jerry Heidtke

About the author:

Jerry Heidtke

Information security lead

Jerry has nearly 20 years of experience working in information security in financial services and healthcare. He has been awarded certifications as a Certified Information Systems Security Professional and as an Information Systems Security Architecture Professional.

There is no doubt that when inadequate cybersecurity is exposed in a company's operations, there is an impact to the company's reputation and, often, to the bottom line.

When Target was hacked and had 40 million debit and credit card numbers stolen, direct costs to the company exceeded $100 million and credit card issuers spent over $200 million replacing cards and covering fraudulent charges. After the breach was announced, sales during the all-important holiday shopping season fell between three and four percent, and hundreds of employees lost their jobs. The following quarter, sales fell by a billion dollars. Within six months, Target's chief information officer, president, and CEO had all been replaced.

The monetary benefits of investing in a cybersecurity system

It is not unusual for executives to view spending on system and data security as a necessary evil for avoiding liability without any direct positive return. However, what if a strong cybersecurity program could be viewed as a benefit to both the top and bottom lines?

Companies that provide online financial services of any type face many security and privacy compliance requirements, as well as customer demands for strong protection of consumer financial data.

As awareness of the importance of good cybersecurity programs and practices continues to rise, there is an opportunity for those companies that are leaders in establishing such programs to use that fact to differentiate themselves from their competition.

Organizations that go above and beyond what are considered "standard industry practices" are much less likely to suffer the impacts of a major breach of their systems. Hackers are known to look for the "easiest" targets for their efforts; after all, they are in business as well and seek maximum return for minimum effort. Security leaders will be open with customers about the effectiveness and capabilities of their cybersecurity programs, and will try to be a model of good security among their business partners and community.

These organizations will be able to use their cybersecurity programs as competitive advantages by making extra efforts to earn the trust of their customers. This requires actions such as being willing to submit to verified, independent third-party evaluations of their cybersecurity programs, leading to accomplishments like ISO 27001 certification and web site verification, which can be used in their marketing efforts and promoted with their customers.

Click here to learn more about NaviPlan and its ISO/IEC 27001:2005 Code of Practice for Information Security Management Systems (“ISMS”) certification.