Methods on Determining the Investment in IT Security

Methods on Determining the Investment in IT Security

Amanda Eisenga, Walter Rodriguez, Travis L. Jones
Copyright: © 2014 |Pages: 13
DOI: 10.4018/978-1-4666-4856-2.ch002
(Individual Chapters)
No Current Special Offers


Setting aside capital to invest in Information Technology (IT) security is critical in the current digital age. In almost all large (or small) corporations, it is prudent to allocate a sufficient amount of resources to IT infrastructure. However, it is often difficult to determine at what level it is appropriate to invest in IT security in addition to the point at which the rate of return of this investment begins to diminish. This chapter examines methods to help determine the appropriate investment allocation to IT security in addition to how to apply these methods. It also looks at some of the assumptions and pitfalls of each.
Chapter Preview


Investment in IT security is an important aspect in any business to help mitigate the risk of security breaches and challenges, which can be internal, such as an attack or a negligent employee, or external, with the use of hackers. The average organizational cost of a data breach, in 2011, was $5.5 million (Olavsrud, 2012). The chart below notes the average cost per record of a security breach, from 2005 to 2011. According to the Ponemon Institute and Symantec, security breaches cost companies on average $214 per compromised record breach, in 2010. In 2011, the average per compromised record breach decreased to $194 (Olavsrud, 2012), but this is still a cost that can be largely avoided. Data breaches compromise any corporation’s reputation and customer’s satisfaction, as well as cost money. It is imperative that companies invest in some type of IT security, so they are protected from intruders, hackers, viruses and malwares, which could cause data breaches. Many types of security breaches are discussed below, with methods to examine how much to invest in IT security following. (see Figure 1)

Figure 1.


Cost Of Exposure To A Security Breach

The costs of security breaches are comprised of loss of productivity, reputation, customer perception, and recovery of expenses. The combination of these costs can create a significant monetary loss for a company when an IT security breach occurs. The cost of a security breach often ranges from thousands of dollars to millions of dollars. Companies need to understand these costs to better be able to reduce and manage them.

Complete Chapter List

Search this Book: