Silver lining of a shifting cybersecurity landscape

Not all of us are bargain hunters, but is there anyone who doesn’t love to score a good deal? Our drive to save is hard-wired. Studies show that when we find and purchase discounted items, our brain releases dopamine, the “feel-good” neurotransmitter.

So, besides the clear financial benefits, it’s no wonder that business owners often aim to be lean and mean. For many of us, it’s a point of pride to feel like we’ve helped our companies hit peak efficiency, whether by reducing unnecessary expenses, optimizing our operational budgets or, ideally, both.

But is there ever a time we should avoid letting cost-cutting rule our corporate decision-making? Absolutely. Chief among them is protecting our data. With cybersecurity, the focus shouldn’t be on fighting the instinct to save. It’s about maximizing our return on investment. The recent convergence of what, at first glance, may seem like conflicting trends — steadily rising business concerns about cybersecurity risks and decreased federal oversight — may be an opportunity to do just that.

Today, cybersecurity is attracting corporate and government attention, albeit sometimes for different reasons. As bad actors ramp up their attacks, the business sector is experiencing growing heartburn over security risks, such as data breaches and ransomware. According to the Allianz Risk Barometer, “Cyber incidents topped the global list of business risks for the fourth consecutive year.”

The survey showed that “operational resilience” is now a key priority. While corporate America is lasering in on cybersecurity, the government is attempting to dismantle related programs and implement planned cuts, including within the Cybersecurity and Infrastructure Security Agency, better known as CISA.

As with any federal government action, the public reviews are mixed. Whether handwringing over the loosening restrictions or rejoicing in the changes, all businesses would be well-advised to capitalize on the shifting landscape to improve their cybersecurity programs. Yes, there’s been a rollback and leveling of security measures, and we could save costs – at least temporarily – if we only wanted to do the bare minimum mandated by the government. However, ignoring or dumping our cybersecurity programs because specific components are no longer required would be a short-sighted dopamine rush.

Instead, we should leverage the freedom of choice to design more robust risk-management cybersecurity programs that better meet our companies’ needs. With the support of an experienced cybersecurity firm, we should conduct a risk assessment to pinpoint potential vulnerabilities within our systems and implement layered controls to identify, protect, detect, respond to and recover from potential threats more effectively.

Again, that doesn’t mean we must abandon all cost-savviness and purchase every flashy cybersecurity tool on the market. An expert can help us take a strategic approach to invest our dollars where they will make the most impact in safeguarding and strengthening our systems.

We all love seeing “your savings” in bold at the bottom of our receipts. Yet, discounting the importance of cybersecurity programs — and suffering the financial and reputational loss from a potential breach as a direct result — isn’t worth it. The cybersecurity landscape is shifting, and businesses may have less government oversight or requirements to meet. But box-checking for federal compliance and using one-size-fits-all measures should never have been our guide. From this cybersecurity expert’s perspective, today’s rollback is just a chance for a reset.

As I’ve told our partners, forget the search for immediate savings. Cyber resiliency, achieved with a thorough risk-management approach, is a much better and longer-lasting reward.

Editor’s note: Chris Wright is co-founder and partner at Arkansas-based Sullivan Wright Technologies. The opinions expressed are those of the author.