Every CFO knows about “cost creep”; the slow build up over time of 3rd party vendors and staff to manage programs that contribute to margin erosion. Nowhere in an organization has cost creep become more cannibalistic than data security. With each new threat, or increased compliance requirement, the cost of security goes up eating into an organization’s ability to fund revenue producing programs.
Security breaches make headline stories and the costs associated with fines and corrective actions are so high that senior management is under pressure to spend more money. Even with all of the pressure, many businesses remain unprepared, or, not properly protected from a variety of security threats. While the threats and liability keep the CIO up at night, senior management is often hostile towards additional programs, focusing instead on the banks, card associations, and processors. Cost creep and reduced margins means finding budget for newer more effective data security tools is becoming increasingly difficult; even as the threats become more sophisticated and persistent.
Looking at the cost of data security is sobering. Some organizations have a CIO, CISO, security staff members, data centers, infrastructure costs and multiple 3rd party tools. It’s easy to understand how costs have crept higher and why management is so upset
In addition, retailers face a second problem when managing their data security program, finding qualified professionals. “in February 2016, security researcher CyberEdge Group released the 2016 Cyberthreat Defense Report that surveyed 1,000 IT security professionals. It stated that the lack of skilled personnel increased in 2014, 2015 and 2016 from 2.92, 3.05 and 3.42, respectively, on a scale of 1 to 5, with 5 being highest.” There are two options for resources with cyber security skills: organizations can either hire them from outside or they can train them. Qualified staff often jumps from one company to another.
One way for organizations to control “cost creep” for data security is to consider a Managed Security Services Provider (MSSP). When organizations dramatically reduce their data center footprint, they’re more inclined to outsource security, typically reducing operating costs. One expert writes “Today, large enterprises account for 60% of MSSPs’ revenue in North America. From a cost and benefit standpoint, however it makes more sense for small to midsize businesses to outsource due to the lack of security experts that they tend to have in-house”. For petroleum and QSR retailers, MSSP are an ideal way to control the cost of data security while adding the 3rd party expertise needed to properly manage the program and control cost creep.
Are data security costs creeping up inside of your organization? What is your plan of action?
Talk to Omega. One MSSP, one fixed cost a month, one security service. You don’t have to worry about a thing. Focus on running your business. Call Omega at 636-557-7777 x2451, talk to Peter Guidi. Email peter.guidi@www.omegasecure.com.
