Adults can learn a lot from children’s fables and fairy tales. And if you’re a C-level executive or sales leader in your company, The Three Little Pigs has a lesson you don’t want to miss. In fact, this little story could save your company millions of dollars, and the hair on your chinny chin chin!
What’s the lesson for executives and sales leaders? Your company is one of the three pigs’ houses, and your approach to security and compliance will determine how well protected you are. Which house sounds like your company?
- Like the house made of straw, your organization has nothing in place to protect sensitive data from the Big Bad Wolf. An attacker has easy access.
- Like the house made of sticks, your company has made minimum effort to secure your data. You may think you’re safe, but it’s a false sense of security and it won’t take a lot of effort for the Big Bad Wolf to get in.
- Like the house made of bricks, your business has taken a proactive approach to security and compliance. You know what it takes to keep the Big Bad Wolf out, and you’re well protected.
But in real life, there isn’t a Big Bad Wolf — there are thousands of them. As an executive leader of your organization, it’s your responsibility to protect the company, for the sake of your people, your customers, and your vendors who all depend on you for their livelihood.
Putting in the minimum required effort to protect the company at a point in time and then moving on isn’t really an adequate defensive strategy. There’s no real protection in that approach, and you’re doing little more than building a house of sticks. At any point, a bad guy could peek around the corner, see the sticks that are protecting your organization, and jump at his chance.
Cyber Attacks Are the Norm, Not the Exception
Proper security and compliance are very much like the house made of bricks. If you’ve ever seen Disney’s version, the third pig doesn’t simply rely on the bricks alone to protect his house. He had a lock on the door. He had a peep hole in the door. He had a fire in the fireplace. He had turpentine. (I’m not sure exactly what the turpentine did, but he had it!) The third pig didn’t simply use bricks — he took a layered security approach to provide a structured and well-rounded defense against the Big Bad Wolf. There are always multiple ways to get inside, and you’ll need to be prepared at every point of attack.
When your company’s leaders don’t take security and compliance seriously, you’re like the first two pigs. It’s just plain luck if you haven’t been had by attackers yet (and you probably wouldn’t have any idea if they were in the house already).
According to Ponemon Institute’s latest report, the average data breach goes undetected for 280 days, or nine months. That means from the day your company is attacked, you’re still doing business as usual for three fiscal quarters of the year.
If you aren’t taking security and compliance seriously, you’re playing with your investors’ dollars — and with the personal and sensitive information that belongs to your employees, your customers, and your partners.
Do Security and Compliance Reduce Productivity?
Many business leaders are reluctant to go all-in on security and compliance, because they assume that taking things seriously would undermine efficiency and productivity. Perhaps that was true at one time, but this assumption is based on old, stodgy thinking about how people did things back in the day.
The security and compliance arena has come a long way. It’s like the notion of crossing the street. You can do it safely, or you can do it negligently. If you cross safely, you look both ways, keep your eyes up (not on your cell phone), and cross at the intersection instead of the middle of the block. That doesn’t take any more time than crossing negligently.
Security and compliance won’t reduce productivity. You’ll need to be thoughtful about how you do what you do, but that doesn’t have to grind your operations to a halt. In fact, you’ll actually introduce more efficiencies by establishing a standard set of norms that everyone has to follow. For example, change control is no longer handled through a rat’s nest of emails or chat strings — it’s all organized, standardized, and streamlined in a self-contained system.
The act of layering in a good security and compliance framework ultimately makes your organization more efficient. Not only that, but because of the various defensive layers and alerting mechanisms that you’ve put in place, it serves as an active defensive mechanism for your company that you otherwise wouldn’t have been cognizant of.
What About the High Costs of Security?
Many C-level executives are reluctant to invest in multi-layered security and compliance, because a full-scale security program isn’t cheap. Depending on your organization, it could cost more than $100K per year. The bottom-line calculations just don’t add up favorably.
It’s true that these security measures, in and of themselves, cost money and they won’t generate revenue — but they ensure the stability of your company so that you can keep generating revenue. Every year, businesses of all sizes go from healthy to non-viable in a matter of months. A single attack can bring down an organization.
To get a true sense of the money we’re talking about, it’s helpful to put things in perspective. There’s also a cost if your company is attacked. Ponemon Institute did an in-depth study of average-size organizations and found that a data breach costs a U.S. company around $200 per sensitive record.
Based on that information, you can do a quick estimate of the cost of a single cyberattack to your company. Consider how many sensitive records your organization has. That includes:
- Current and past employee records
- Customer records
- Records that customers have sent you
- Partner records
Even small businesses typically have thousands of sensitive records. At $200 apiece, you’re looking at a hit of millions of dollars for a single event. Ponemon found that the average cost of a cyberattack is $3.86 million. And that cost is increasing every year.
Running those numbers, for every attack you prevent, the annual investment in security pays for itself for another 39 years. Isn’t it worth it to spend several thousand dollars to protect several million dollars?
Some companies rely solely on their cyber liability insurance and believe they’ll come out ahead. But they can’t make a claim if they aren’t investing in the security activities that they attested to doing.
Get the details: Your Cyber Liability Insurance May Not Be Protecting You
Of course, it’s not just the financial costs you need to worry about. Your sales team understands this better than anyone else in the organization.
Good Security Means Better Sales
One of your organization’s greatest frustrations is that you haven’t yet achieved the sales that you desire. You want to sell more, and it’s freaking hard to hit those numbers. Your sales team is living and dying by the next phone call, email, or meeting.
Now imagine you get hit with a preventable cyber attack because you weren’t doing your due diligence. What will those sales numbers look like the day after you’ve announced the breach? What will they look like the next month, and the next quarter? It could take years for your sales to recover from a single incident, because your prospects will look up your company on Google and they’ll see what happened — even years after the event.
If you don’t take security and compliance seriously, it will make life for your sales people a heck of a lot more difficult. But by the same token, when you can show prospects that you’re proactively protecting their sensitive data, you could boost your close rates.
If you look at the competitive landscape to see how it’s trending, you’ll see that companies that aren’t doing security and compliance appropriately are falling behind. Five years ago, that might not have been the case, but today is a different matter. Companies that neglect their due diligence are more likely to lose sales, because customers care about these matters.
More and more, customers are paying attention to the companies that protect sensitive customer data. Frankly, it’s fast becoming the expectation that organizations are taking their security and compliance programs seriously.
Plus, it’s just the right thing to do.
Ready for the Big Bad Wolf?
I’m so passionate about this issue because I’ve held the hands of companies that came to me after getting breached. I know what it’s like to be a business owner who started his company from the ground up. I can only imagine how devastating it would be to have invested blood, sweat, and tears only to have it evaporate in an instant.
That’s why I implore organizations to take security seriously. You have responsibilities to meet. Most data breaches are avoidable, and it doesn’t have to be a monumental challenge, if you leverage the right system.
These days, there’s a Big Bad Wolf around every corner, and they see your company as a tasty little pig. Will you have firm confirmation of a multi-layered defense in place? TCT can help make sure you know where you stand.