Data protection: Not investing will actually cost you more than investing

At a time when our daily professional activities require us to be almost constantly connected, whether on a computer, a tablet or a smartphone, cybersecurity is proving to be essential for any organization. Protecting your digital assets means protecting the growth and future of your business in order to remain efficient and sustainable. If there is a need to defend yourself, it is because you are facing experienced hackers, on the lookout for technological developments and waiting for just the right moment to take advantage of human and technical failures. The web has widened access to knowledge, but also cyber-crime. An underground activity that can be very lucrative and rather low risk, due to the relative anonymity of the attackers, especially when they are located abroad. There is only one way to deal with attacks: don’t delay building and consolidating your line of defense.

Cybersecurity: Every organization is concerned

According to the latest Canalys report, in the first quarter of 2020, the global cyber-security market saw a 9.7% annual increase in investments, driven by the acceleration of telecommuting trends. In total, no less than $10.4 billion was invested in “network, endpoint, data, web and email security, vulnerability and security analysis” during the first quarter of 2020.

While the average IT budget of French organizations reaches €24.5 million, the share devoted to cybersecurity is lower than before (9.9% of total IT spending in 2019 versus 10.5% in 2018). The Hiscox report states that, in terms of value, this budget has increased by 24% to €1.46 million.

Investments in cybersecurity should not be limited to sensitive industries such as defense, energy, transport and healthcare. All industries are concerned, because all organizations, regardless of their size, share, protect and use data that may be of interest to hackers (e.g. client files, product inventories, financial information, confidential communications).

It should be noted that small and medium-size organizations are also regularly targeted by hackers (+59%) due to their defenses being supposedly weaker, and often supported by limited resources. A survey conducted in 2019 by IRT SystemX among French SMEs and SOHOs, victims of cyber-attacks, reveals the real consequences, with costs reaching more than €700 million per year.[1] These financial losses can directly impact an organization’s business and reputation.

The same is true for large corporations, with 70% targeted by cyber-attacks. In addition, more of them suffered “repeat incidents” between 2018 and 2019: more than 21% were subjected to 5 or more attacks over the year.

Why invest in cyber-security?

Let’s demonstrate the reverse: What would be the consequences of not investing in cyber-security? Let’s imagine the following scenario: You arrive at work on Monday morning to discover that the company’s computers are locked by ransomware and your customers, who thought they were connected to your Wi-Fi network during their previous visit, have had their smartphones breached.

Admittedly, there are better ways to start the week than realizing you fell victim to a cyber-attack due to a lack of security.

Or one day you discover that your competitor won the deal you’ve been working on for months thanks to confidential data you had stored on a low-security consumer solution. This leak will unfortunately jeopardize your business.

Cyber-risks are known but the techniques used are evolving. Depending on your line of defense, these risks can be mitigated. The insurance principle seems to be the most effective, even if it means paying for a solution in the hope of never having to use it. The resemblance with the airbag of a car is striking: Who would want to buy a cheaper car because it doesn’t come with an airbag? 

This sense of security requires a solution that is suited to the needs of the business, and secure from end to end, as the fees and costs associated with cyber-attacks are considerable. Even more so since the new European regulation (GDPR) became effective.

A study by Deloitte[2] has highlighted the financial impact of a cyber-attack:

Direct costs to be expected:

  • Legal fees and court costs
  • Regulatory compliance
  • Forensics
  • Communication with customers
  • Securing data after the facts
  • Public relations
  • Improving security devices

Hidden indirect costs, often ignored, but real:

  • Increased insurance premiums
  • Loss of customer contracts
  • Loss of brand value
  • Loss of intellectual property
  • Loss of stakeholder confidence
  • Impacts from business disruption

A return on investment difficult to calculate but very real

What would be the financial impact of a cyber-attack? This is a recurring issue for business leaders that is very complicated to predict because it all depends on the types of threats and collateral impacts. This can range from losing a day of work to millions of euros, including losing your data or losing access to your data. “The average amount of losses from all cyber-incidents among organizations reporting an attack has increased to €369,000 this year compared to €229,000 in 2018 – an increase of 61%, with medium and large organizations incurring proportionately higher costs than others.”

Attacks include: ransomware, phone hacking, business email compromise, email account takeover, fake money transfer orders, fake technical support scams, identity theft, poor camera protection, defacing, and bank account theft.

Security has a cost, but postponing investments can cost much more. A hacker only needs one vulnerability to break into your information system. But an organization must mitigate all of them. It is a constant effort that requires specific resources and tools.

Protecting your business from cyber-threats is no longer an option, it is an obligation. No one wants to be accused of negligence if something goes wrong. Securing your assets is far from being a simple operational expense. It is a strategy and an investment that will serve to protect your business, your profitability, your employees and your reputation.


Cryptobox – the secure document sharing and storage solution is free of charge and non-binding for 45 days, more info
Citadel – the secure professional instant messaging solution, free of charge and non-binding.


[1] https://www.irt-systemx.fr/le-cout-additionne-des-attaques-par-cryptovirus-touchant-les-pme-francaises-seleve-a-plus-de-700-millions-deuros-par-an/

[2] https://www2.deloitte.com/fr/fr/pages/risque-compliance-et-controle-interne/articles/cyberattaques-chiffrer-les-impacts.html