Highlights

• With companies in cost-cutting mode, many are looking to reduce security spending.
• Email security offers the greatest ROI in reduction in overall risk
• Email is typically the first step in the attack chain, so increased security can reduce downstream risk.

Budgets are in disarray. With the business climate uncertain, at best, companies across industries and across the globe, are looking for ways to cut costs. Some of that has come in the form of layoffs. Others have instituted furloughs and other cuts.

This process is an attempt to prioritize what is necessary for business operations against what is expendable. Which costs, essentially, are more important than others?

One cost that is absolutely essential is cybersecurity. Don’t think it’s necessary? Think again:

Email—and increasingly cloud-based SaaS apps— is the top attack vector. According to the 2020 Verizon Data Breach Report, 96% of social actions—phishing—arrive via email. Further, 46% of malware was delivered via email.

As the Report noted, “Cloud breaches involved an email or web application server 73% of the time. Additionally, 77% of those cloud breaches also involved breached credentials. This is not so much an indictment of cloud security as it is an illustration of the trend of cybercriminals finding the quickest and easiest route to their victims.”

Further, email and web applications are high in the attack chain, as Lockheed Martin notes.

So not only is email the top target, it’s the first thing hackers go for.

And you’re considering a cut?

Even though there are cuts to be made across many businesses, cutting cybersecurity is actually more expensive. When you invest in better email security, you’ll end up up saving money in the long run.

Act Now, Save Later

The cost of breaches are continually rising.

Accenture found that the average cost of a cybercrime increased to $13 million. The Verizon Data Breach report found that Business Email Compromise attempts are up, as are the cost associated with dealing with them; Gartner found that BECs increased by nearly 100% in 2019 and through 2023, predicts that BEC attacks will continue to double each year, at a cost of over $5 billion to its victims.

Ransomware increased in 2019 by 40%, and in 2020’s first quarter, the average price of dealing with them was over $110,000.

Your company, no matter the size, is a potential cyberattack threat. Accenture estimates that 43% of cyber attacks are aimed at small businesses. More than half of all small businesses suffered an attack in the last year. The cost? An estimate of $200,000.

But had you invested up front in a program that could stop these attacks, you wouldn’t have to make these exorbitant payments. As Accenture notes, “By prioritizing technologies that improve cybersecurity protection, organizations can reduce the consequences of cybercrime and unlock future economic value as higher levels of trust encourage more business from customers.”

Accenture estimates that there’s a whopping $5.2 trillion of future revenues up for grabs over the next five years for organizations that do that sort of investment, and in particular focusing on limiting internal threats, phishing and using technologies that use intelligence and advanced analytics to discover and manage these attacks.

Further, another report estimated that increasing your investment in cybersecurity has an average return on investment of 179%.

The risks are higher. Hackers are exploiting COVID-19 in their attacks, and that, combined with the often lax security of work-from-home setups, means your company is not immune. Because of the increased price of dealing with these attacks, securing your workforce now qualifies as a necessary business expenditure.

Hackers are particularly skilled in forcing end-users to make split-second decisions. When employees are juggling their own work, helping children with schoolwork, with limited WiFi and myriad other distractions, that split-second decision becomes a whole lot more difficult. Even with training, and without as many distractions, the aggregate clickthrough rates grants an attacker of a 1 in 10 chance per employee. Now compound that with untrained, distracted employees, and the risk becomes exponential.

That’s why, tempting though it may be, cutting email security is not the answer. There are too many vectors at risk, too much money on the line to skimp on security. If anything, it’s needed now more than ever.

The longer the crisis goes on, the more sophisticated and clever these attacks will get. The more governmental agencies providing relief, or airlines offering refunds, or hucksters offering vaccines, the more attacks there will be.

As you go through your budgeting process, it’s worth keeping this in mind. A smaller investment in cybersecurity now will help prevent a larger—and potentially devastating—expenditure in the near future.