Why Aren’t Corporations Focusing More on Cybersecurity?

by Brad Garland

With all of the recent news around cybersecurity vulnerabilities at large corporations, it's surprising that companies aren't putting more focus on preventing these incidents. Recently, many corporations -- including Target, Home Depot and Sony -- have suffered significant data breaches. Experts say that the frequency of these attacks is likely to increase because the technology to prevent a breach costs more than the breach itself. This may be true in monetary terms, but the damage to customer relations could be immeasurable.

Your digital information is clearly and inherently vulnerable to hackers. Improving security practices and plugging holes in security systems seems like the obvious solution; preventing identity theft and financial loss should be easier than trying to fix the damage after the fact.

However, your organization's perimeter has too many access points. This exposure occurs because not every access point can be easily identified, which makes it difficult for you to monitor all of them.

So why aren't companies doing more to protect themselves?


Why Security Isn't Airtight

Corporations suffer great losses in the case of a breach, but these losses are often minuscule compared to their overall revenue. It's easier for companies to write off the losses than it is to spend significant resources establishing complex defense systems. 

According to Target’s 2014 financial release, when the company lost 40 million debit and credit card numbers plus an additional 70 million customer records, the cost incurred was $105 million after insurance coverage and tax deductions. Although this certainly seems like a substantial sum, it only represented 0.1% of the company's 2014 revenue. Similarly, the 2014 Home Depot cybersecurity breach only cost the company 0.01% of its annual revenue.


What About Other Costs?

Breaches in cybersecurity also have more intangible implications. In particular, the opinions and buying decisions of these companies' customers seem likely to be affected by the news of the vulnerability and any inconveniences experienced by the customer -- for example, having to replace credit cards or having to sign up for identity theft monitoring. 

However, the impact of these costs on large companies is difficult to ascertain. Ultimately, if the number of cyber attacks continues to increase, consumers may start to expect that all corporations are inherently vulnerable. If that's the case, then the strength of a large company's cybersecurity defenses may not have a noticeable effect on buying decisions.

Smaller companies, on the other hand, need to be more wary and implement excellent measures to mitigate cybersecurity risk. If a company's revenue stream is limited, its ability to absorb the financial impact of these sorts of vulnerabilities is considerably restricted. Moreover, a smaller company may suffer more if a certain percentage of its customer base stops using its services or products -- especially if those customers happen to be from the highest-spending tier. The bright side of smaller companies like community banks, however, is that cybersecurity is typically stronger, as they aren’t on the front pages of newspapers and they are more in tune with their data points, exposures and environment. In many cases, smaller companies have actually implemented more best practices than other industries because of the inherent regulatory process.


The best way to protect your company is to do a thorough audit of your network and restrict perimeter connections as much as possible. Although this can be a time-consuming process, the benefits to your business are immeasurable. If you're not sure where to start, getting advice from an experienced IT security consulting professional may be a great first step.

What are your thoughts on the recent wave of cybersecurity breaches and their impact on companies? Share your perspective in the comments below. Also, feel free to download our free eBook for more information on reducing cybersecurity risk in your institution.