Getting a Return on Your Cybersecurity Investment
okay so Ian do you think there's a problem where benders failed to accurately show their cost versus reward for example is it easy for a customer to work out where this money is going and will it directly resolve their business problem sure it's a really good question return on security investment has been a qualification of an equation and we haven't been able to do for a very long time hmm you know we we've been accused in the past we as an industry have been accused at the past of a sellin asteroid insurance you know it may never happen a lot of people fear that they will never be breached so ignorant is bliss what we help customers with from that point of view as we do what we call a pulse pre post breech exposure analysis so we'll come onto the network we'll use our tools will use a risk-based approach on their network so we'll identify the assets that are critical to them and then we will look at their network to see where they have been breached already we get to conduct one of these where we haven't found a breach on a customer's network so it's a real interest in insight to not only say to a customer because I will say in presentations you're already breached it's an inevitability you need to accept it when I can show them that empirically from the data I've collected from their network it gives them a view of what the what the breach was where that happened what they did and what assets they actually attacked or where they've gone in their network so helps them answer a lot of questions rather than a penetration test or a vulnerability scan which tells them the art of the possible of where people may or may not get in or what is or is not vulnerable I'm going to show them exactly where they got in and how they got about I get you right ok so you show them correctly where that where it's occurred what's happened do you do anything with or do you think it's important that vendors translate that into a business problem when I'm what I mean by that is perhaps ok so this is the instant that we've noticed that occur we've identified using an technology and this is what it means in business terms as far as money is concerned anything's important yet so that's part of that risk process that's fine yes looking at the business what the business does yeah where those assets are how important they are and trying to attach some type of value to a monetary value if you lost this it would be X or Y there was a recent a recent report on by radware that said the average cost of a cyber breach of security breach I'm old enough that it was security when I started in the industry right everybody's gone it's a days but a security breaches 1.1 million dollars so obviously that's that's a that's a webfinger near but based on their analysis that's what they're saying that includes the detection and the cleanup costs afterwards I see okay and do you think it in your new experience that C says once they have these information they don't have problems in perhaps trying to explain this to the board so do you think that they they they struggle to try and get that point across to the board I think it as with anything could develop it depends on the experience of the C so what relationship they couldn t have with the board do they report directly into them do they have to report file at CEO or a CRO or a CIO yeah and how that information is delivered some people like pretty pie charts yeah some people want to know where they are being exploited depends on the maturity of the board and some people see security is a cost to be avoided at all costs and those people end up in the news that's it you're hosting them their holidays great thanks again for your time I appreciate your time thanks guys for joining us on our CCO Talks episode and we really like it just subscribe to our videos you can click on the bed icon down here somewhere and please like subscribe share and we'll see you next week for the next one take care
https://youtu.be/rm53c4zl2J0















