Intelligent CISO Issue 02 | Page 38

A quick , focused and automated response , such as activation of the sprinkler system , should extinguish the flames .
FEATURE
Armour is now working with a number of organisations that can provide specialist technical consultancy and cyberadvisory services , from penetration testing and assurance , to incident management and response , and technical security research .
RAY ROTHROCK , CEO OF Ray REDSEAL Rothrock , CEO of RedSeal
It has long been assumed that a cyberattack could crush a company ’ s stock price , tarnish its reputation and scare off customers . But now there is definitive proof .
Security consultant CGI and research firm Oxford Economics recently conducted an in-depth analysis of 65 companies that suffered cyberbreaches over the past four years . The study found that cyberattacks do in fact have a dramatic impact on companies ’ stock prices , causing an average decline of 1.8 % on a permanent basis . In some cases , breaches have wiped as much as 15 % off a company ’ s valuation .
And that ’ s not all . A similar study by the Ponemon Institute , released in April , revealed that a company ’ s stock price falls an average of 5 % immediately after a breach is exposed . The study also found that companies typically lose US $ 2 million to US $ 4 million in revenue and a third of their customers after a breach .
If these studies don ’ t grab the attention of CEOs and corporate boards , nothing will . They are stark reminders that cybersecurity is a fiscal issue demanding governance and board-level attention , understanding and prioritisation .
But there is a downside to the current cyberdefence approach as well . In fact , an all-out campaign against attacks could potentially lead to an economic downturn . How could this happen ?
Well , consider that the typical organisation ’ s cyberbudget is growing at more than 10 % a year . Now compare that to the typical IT budget overall , which is only growing at around 3 % annually . If this trend continues , it won ’ t be long before the bulk of IT spending is being directed toward cyberdefence .
Why is this concerning ? Because every dollar that a company spends on things not related to its core products

A quick , focused and automated response , such as activation of the sprinkler system , should extinguish the flames .

or research and development ( R & D ) for future innovation weakens its ability to service its customers and build better products . When companies spend more and more of their profit dollars to defend themselves against breaches , that depresses their R & D and innovation and that could eventually slow them down
38 Issue 02 | www . intelligentciso . com