Opinion

Opposing Forces in a Down Market

CSO Publisher Bob Bragdon observes the classic battle between expense cutting and risk mitigation

By Bob Bragdon, Publisher, CSO

October 07, 2008 — CSO — It seems that every day there is more bad news about the economy. For months now we have watched as the markets have contracted, driven by trade deficits, soaring oil prices and ever-tightening lending markets. As I write this, oil prices have been falling (which is a good harbinger), but inflation is beginning to climb at a steeper pace. And as we have watched the economic climate become more challenging, you can rest assured that your CEOs have watched as well.

I imagine that, by now, you too are under pressure to control expenses in your enterprise as corporate leadership struggles to maintain earnings in an increasingly challenging market. I hear from many CSOs that, while spending isn't necessarily being rolled back (and there is significant pressure to do just that), they are being forced to focus on their top four or five initiatives next year, as opposed to their overall list of 20-plus. This puts CSOs in a difficult position.

In a tightening economy, history has proven that the risks faced by businesses increase significantly. When times begin to get tough for individuals, many will turn to crime to abate their diminishing financial situations. Oddly enough, these criminals operate in much the same way as any business would. To improve performance, they begin by trying to increase their revenue; it's much more acceptable than cutting their expenses.

Electronic attacks will continue and may get worse as criminals seek to exploit vulnerabilities for financial gain. Given the shift over the last several years as electronic exploits have focused increasingly on financial gain, we are at a point where the "bad guys" are well-versed in taking advantage of our dependence on insecure electronic environments. In the physical world, particularly in retail environments, shoplifting ratchets up as individuals and organized groups try that much harder to generate revenue for their own personal gain. Fraud also increases.

Unfortunately, we are setting ourselves up for a classic battle in our corporate cultures as the forces that are trying to cut expenses collide with those who see the need for continued, and maybe even increased, spending on security to mitigate the growing frequency and intensity of potential threats. And the last thing that any CEO wants to hear is, "We can't cut. We need to spend more." Unfortunately, that is the reality.

The challenge for you is, as is often the case, to translate the value of the organization's investment in security into the business value that it delivers to the organization. Whether that value is fewer data breaches, reduced shrinkage or whatever metric you happen to use in your industry, be sure to make that argument now before any cuts are mandated by uninformed leaders whose actions could significantly increase the risk to your business. ##

Other stories by Bob Bragdon, Publisher, CSO

• Email
• Print
• Comments
• Digg This
• SlashDot

• How to Use Metrics
• Opinion: Cutting Security Costs Won't Recession-Proof Your Company
• Cost-Cutting Through Green IT Security: Real or Myth?
• Recession Questions