Connect with us

Hi, what are you looking for?


Incident Response

Five Reasons to be Thankful for IT Security

After a year of a divisive political climate, Thanksgiving comes at a welcome time.

After a year of a divisive political climate, Thanksgiving comes at a welcome time.

Unlike the political arena, or even other divisions of the technology industry, when working in IT security, people rarely notice when everything is done perfectly. When development delivers that great new mobile app that your customers love, they (deservedly) get plenty of accolades. When security delivers new policies that keep up with every industry standard and regulation, there is no cheering. The more likely response is complaining about the changes that will need to occur in response.

So if you’re a security professional who wants to help upper level management understand how much you really contribute to the organization, and why they should appreciate what are often thankless tasks, read on for reasons to cheer on IT teams this holiday season. 

#1 IT security saves money

Sticky NoteThis one might be controversial, as many see security expenses more like insurance – a line item in case something bad happens. But, in today’s threat environment, it’s not a matter of “if” but “when” a disruptive attack will occur. Whatever the upfront security costs may be, the total is probably less than dealing with the effects and recovery of a data breach, pegged at an average of $4 million by the Ponemon Institute. Poor/no security would invite repeated disruptive breaches. 

#2 IT security retains customers 

The same 2016 Ponemon Institute study revealed that “churn” (loss of customers as a result of a data breach) was highest in the financial, health and service organizations, and lowest in public sector and education organizations. Regardless of what industry you’re in, Ponemon reports that, “The biggest financial consequence to organizations that experienced a data breach is lost business.” Data breaches have a very real effect on customer choices. The more competitive the space, the more likely churn is going to impact customer retention.

#3 IT security improves productivity

Advertisement. Scroll to continue reading.

While cat videos and social media have been disruptive to the productivity of many office workers, they are nothing compared to the attention that a data breach investigation and recovery effort can command from IT teams, communications teams, and even executive leadership. In a white paper titled, “Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium,” the SANS Institute reports, ““In almost all cases, repairing damaged systems, rolling back to a pre-breach state and replacing/repairing the data were consistently mentioned as high-cost items.” Big breaches are now front-page news – they will occupy a commensurate amount of valuable time and disrupt the productivity of those involved. 

#4 IT security will help you keep your job

What do the breaches at the Office of Personnel Management (OPM), Target, and Sony Pictures all have in common? They all cost their CEOs (or director in the case of OPM) their jobs. Increasingly, responsibility for cyber security measures doesn’t just stop with the CISO or CIO, but goes all the way to the top.

# 5 IT security is ethical 

Regulations require compliance, and boards are interested in effective demonstration of policies and controls to satisfy auditors. Audit findings are often a public black eye, and it’s tempting to include compliance here in the final slot. But beyond compliance, much of the regulation we deal with as an industry is in place to protect customers, shareholders and employees. Doing the right things to protect their privacy and intellectual property from those who would abuse that information for personal or competitive gain is the ethical thing to do, regardless of whether the regulations require it or not.

So rather than continue to look at IT security simply as unallocated overhead or a tax on conducting business, consider how you can thank the unheralded security professionals in your organization, who in the best of circumstances, go unnoticed.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.