Lots of things about cybersecurity are important, but none is as crucial as one specific parameter: security strategy. Everything flows from this. If this gets short shrift, anything and everything can collapse like a house of cards.
So let’s take a good look at this topic, starting with the likely cost of weak strategy. It opens the door to breaches, and the average cost of a data breach is now approaching $4 million, according to Ponemon Institute’s Cost of a Data Breach Report 2020. Meanwhile, nearly half of US companies have unfortunately suffered a breach, says the 2020 Thales Data Threat Report.
In addition to direct costs such as data loss and regulatory fines, organizations also suffer from tarnished reputations, erosion of customer trust and loss of business. It’s particularly painful for small and midsize companies, which frequently go out of business in the aftermath of a breach.
Cybersecurity isn’t inexpensive. Predictably, the best cybersecurity strategy for a business depends largely on whether it is small, midsize or huge, so I’ll offer strategy tips for each category. Regardless of company size, however, a few steps are critical from the get-go. One is to develop an understanding of the assets your company absolutely must protect. To accomplish this, a company needs to review its business processes and identify those that could undermine revenue if their data is stolen or suddenly becomes unavailable.
In addition, all companies have to determine their risk appetite—i.e., the risk they are prepared to accept in pursuit of business objectives. Risk appetites differ, depending on the industry in which the company competes, its financial strength and the specific objectives being pursued. Last, small and midsize companies in particular need to assess the ability of their organization to get the necessary security work done. If you have IT/security teams, you need to get a handle on their bandwidth. If you don’t have the resources you need, you have to outsource some of your security work.
Once these considerations are addressed, several steps are appropriate for companies of all sizes. For starters, a company needs a cybersecurity…