Is Sony’s data security bombshell a second chance for your IT security budget?
Increasing commodity prices, continued rising healthcare costs and other economic fundamentals are forcing businesses to tighten the noose around budget spending. Oftentimes, IT security is among the first budget hit, or last budget bucket to be filled. Why? Because quite often, IT security is viewed as a cost center, not a core component to overall company vitality, strategy and financial health. Before throwing your IT Security Budget under the bus, consider how Sony has been beaten-up financially, by the recent PlayStation Network security breach.
Sony’s PlayStation Network was recently hacked in April of 2011, with the personal information, and possible credit card data of approximately 77 million accounts compromised. Most recent projections have the breach costing Sony ¥14 Billion, or approximately $171 million USD. Sony’s initial response to the attack against the PlayStation Network was to shut it down. The stock has also taken a hit since Sony went public with the breach, down over 12%, with Sony’s market cap falling a staggering $3.1 billion USD. Unknown headwinds still face the company as a direct result of the breach, such as additional lost revenues, brand damage and the likelihood of legal trouble. A Pandora’s box for any CEO.
While your business may not have the financial clout or brand name of Sony, the impact of a security breach to your organization could be equally devastating. In Sony’s case, what was most alarming, in addition to the lost revenues, brand damage and decrease in shareholder value, was the response Sony took after the breach, which was to shut down the PlayStation Network. Apply that same reactive response to your business and you can begin to the see the potential impact. What if you had to shut down production, or take-down the entire network? What if you had to shut down your web applications or pull payment servers off-line? What would happen if your sales force couldn’t access internal resources for a given period of time? Would your business be impacted financially?
Because of Sony’s misfortune, information security awareness is at the forefront of many executive discussions, making this a perfect opportunity to build a case for an adequate security budget relevant to your businesses security requirements. Oftentimes, an effective fulcrum to improving the visibility of your security budget is to build internal security awareness. Conducting a standards based security program review, based on ISO 27001 or NIST can be a good starting point because the investment is reasonable, and the findings can provide invaluable guidance and direction toward developing a complete information security program.
So dust off that security budget, and give it a second chance. After all, can your business afford not to?