Methods on Determining the Investment in IT Security

Introduction

Investment in IT security is an important aspect in any business to help mitigate the risk of security breaches and challenges, which can be internal, such as an attack or a negligent employee, or external, with the use of hackers. The average organizational cost of a data breach, in 2011, was $5.5 million (Olavsrud, 2012). The chart below notes the average cost per record of a security breach, from 2005 to 2011. According to the Ponemon Institute and Symantec, security breaches cost companies on average $214 per compromised record breach, in 2010. In 2011, the average per compromised record breach decreased to $194 (Olavsrud, 2012), but this is still a cost that can be largely avoided. Data breaches compromise any corporation’s reputation and customer’s satisfaction, as well as cost money. It is imperative that companies invest in some type of IT security, so they are protected from intruders, hackers, viruses and malwares, which could cause data breaches. Many types of security breaches are discussed below, with methods to examine how much to invest in IT security following. (see Figure 1)

Figure 1.

Cost Of Exposure To A Security Breach

The costs of security breaches are comprised of loss of productivity, reputation, customer perception, and recovery of expenses. The combination of these costs can create a significant monetary loss for a company when an IT security breach occurs. The cost of a security breach often ranges from thousands of dollars to millions of dollars. Companies need to understand these costs to better be able to reduce and manage them.