How do you measure the value of security?

For lots of people and businesses of all sizes, security is viewed as something which is an unfortunate cost that simply has to be tolerated. In effect, this gives rise to a tendency to see it as burdensome and a “spend of last resort.” Sadly, few businesses will look to invest in their security and, as a result, they end up spending more to solve problems after they have happened.

We live in a world of contradictions: every company claims they take it seriously; every home owner says they dont want to be robbed; every person says they wouldnt want their identity stolen or their personal wealth taken away. Ask yourself what your approach to security is – is it similar to this? If it is, how much do you invest in your security? Do you see it as an investment or the annoying cost of doing business?

There is an unfortunate, yet simple, fact – it costs more to rectify a problem than it does to prevent it. This may not always seem the case, but that is why finding cost effective security is so important.

For example: You might think that spending £199 on a home CCTV system is too expensive, a waste of money etc. However, if you look around your living room  you can probably quickly see several items worth much more than that for example a TV or a music system. Even if you rely on your insurance, you still have an excess to cover, time for repairs, dealing with the feeling of “being invaded” and, importantly, increased premiums in the future.

A normal policy with a £50 excess and £5 a month premium increase will cost more than the CCTV system in under two years – but even better, having the CCTV system can reduce your insurance premiums. If your CCTV system reduces your insurance premiums by £5 a month, then it has paid for itself in two years.

Despite this, few people get any form of home security system until after they have been robbed. This is absolutely the worst time to do it. Not only have you suffered the costs of the loss, but you have also carried the costs of the security system. This is really the worst approach to take. Prevent the loss before it happens, rather than afterwards. Always keep this in mind.

From a business perspective, things are the same only the numbers get bigger making the need to be proactive with security all the greater.

Using Sony as a good recent example, we may never know how much they “saved” by not investing in proper security measures but it is unlikely to have been enough to cover the damage they suffered in the breach. If Sony had been prepared and willing to invest a relatively small sum (possibly in the region of £500,000) in staff training, IPS, network scanning and vulnerability assessments, it would have prevented a massive PR failure, loss of market value etc. The important point here is that they still had to pay for the security measures. If Sony had invested in its security, it would have paid the same (maybe even less) and it could have prevented the effects of the loss.

Often, especially with Data Protection Act violations and the like, the mitigation measures after a breach are more expensive, need to be more thorough and have to be implemented in a shorter timescale than they would have been if planned in advance.

This does not make good business sense.

Whether you are an individual, a home owner, or a business (of any size) it is important that you invest in your security. Stop viewing it as a cost, which you can cut as needed, and instead view it as a way of protecting your assets and investments over time.

If you concentrate on managing your risks and ensure cost effective security, then you can rest assured that your security investment will repay you many times over.

Halkyn Security

Halkyn Security Consultants.