- Many cybersecurity failures can be traced back to sloppiness on the part of the company, Stephen Boyer, BitSight Technologies co-founder and CTO, told CNBC.
- But doing security right also comes down to having the capital to make good security investments, and in those cases smaller businesses may face more obstacles than larger ones, especially in the retail sector.
- Boyer said the top 100 retailers by revenue have been improving their cybersecurity practices, but more needs to be done to ensure they have all their bases covered.
It pays to invest in prevention. Just one cybersecurity event can cost a business an average of $200,000, a figure that is nearly equal to the IT security budget of a typical enterprise, a recent Rand Corp. study estimates.
Retailers often view money invested in IT as money they can't invest in things like inventory. Such businesses may have adequate prevention, but are likely to pay a huge price if they forgo investing more money and resources into detection and response.
RSA's second annual Cybersecurity Poverty Index found that 75% of the almost 900 respondents said they had a significant cybersecurity risk. But organizations that invested in detection and response technologies — rather than perimeter-based solutions — fared better against cyberthreats.