By Jason Rigoli, Principal at The White Oak Group
There are many things that c-level executives know that they need, but don’t necessarily see immediate return on investment from. Take insurance for example. No company would do business without it, but you don’t see a return on your insurance development … until something catastrophic and catastrophically expensive happens … then it’s a different story.
For many of these executives, cyber security falls into the same category. They’re told they need it. Their CTOs and CSOs are pushing hard to invest in cyber security. Vendors are constantly calling asking to speak about how secure their networks are. But what do they get out of it? What kind of return will they see from investing in cyber security?
At last week’s ACG National Capital Monthly Meeting, we had Carlos Solari, the Vice President of Cyber Technology and Services for CSC and former Chief Information Officer at the Executive Office of the President, speak to ACG members about why cyber security is so important today.
The ROI of cyber security was one of the main points Carlos wanted to address. According to Carlos, executives shouldn’t be thinking of cyber security in terms of its ROI, but rather as an instrumental tool in the continued survival of their companies.
The simple fact is a hacker can have access to a computer network in two minutes. From there, the possibilities of what they can do are limitless. In fact, many computer networks have probably experienced at least “passive exploitation,” where a hacker has performed reconnaissance, has mapped the network, has potentially injected code and has identified weaknesses. Things can only escalate from there.
But what damage can be done? One of the largest problems that hacking can cause a company is the loss of intellectual property.
Carlos gave an incredible example of what intellectual property loss could do when he showed two pictures of almost identical buses. The first was designed and produced by a German company and sold for $450,000. The second was identical in every way, but being produced by another company and sold for $150,000.
What happened? The design was stolen, replicated and sold at a fraction of the cost essentially making the intellectual property holder unable to compete for business in some of the largest growth markets. They weren’t getting beaten by a product that was superior to their own, they were getting beaten by their own product, at a fraction of the cost.
Cyber security should no longer be a question of ROI for executives, but a question of survival. Can you company afford to not invest in cyber security?