Executive is not aware of the risks – “We have a firewall and anti-virus so I think we are covered…”
Executive has bad information – “Hackers only attack the big companies, what would they want from us?”
Executive is a risk taker – “I’ll take the risk, the probability for us getting attacked is low.”
Executive is cheap – “No ROI means no priority.”
Executive doesn’t believe investment in security is worth it – “The loss involved will be so small compared to our revenues. It’s easier to take a chance and write off any losses should they occur.”
Executive is overwhelmed by the size of the necessary investment required to add additional security measures – “We can’t afford Fire Eye, IBM, HP, Palo Alto etc.. those tools are only affordable to the fortune 1000”
Executive believes they are covered when they are not – “Our POS (or EMR) vendor is responsible for our security not us…”
Executive doesn’t believe any investment in cyber-security will have much of an impact – “Big companies have all the tools and they are still getting hacked.”
Have you really thought through the ultimate cost if you are hacked? What if you lose your employees data? Your customer’s data? Your partner’s data? Your intellectual property? Your companies bank account credentials? Your digital contracts? Your digital project management plans? Your companies line of business systems? Your acquisition plans? The list of questions goes on…
What are the costs? Attorney fees (FYI—your board can be held personally liable for not protecting the company), plaintiff demands (fraud reimbursement, civil fines/penalties), fines (credit companies, state & local governments), response costs (PR. forensics, oversight…), reputation damage, loss of customers, financial loss, your job?
Applying cyber security controls to your business does not have to be expensive and can have a positive impact to your bottom line when your employees, partners and customers know that you do a good job of running your organization. #GetNetWatcher.