Data breaches happen when we treat cybersecurity as a destination. Believing that your controls are complete leads to wishful thinking rather than security. Security is never complete, however. In believing that it is, you could leave yourself vulnerable to a breach, as your posture may not reflect the threats that bypass static controls.
This is a problem, as the costs of a data breach continue to rise year after year. For example, IBM found that the average data breach cost $4.35 million in 2022. That’s 2.6% higher than the previous year and 12.7% greater than the 2020 value. IBM also observed that 83% of organizations experienced more than one breach in 2022. In response to the costs of having suffered multiple breaches, 60% of respondents revealed that they had increased the price of their services and offerings.
The costs identified above don’t account for the reputational damages of a data breach, either. According to Varonis, 65% of consumers on average lost trust in an organization after it suffered a data breach. Such a dip in business can further strain the data breach victim, threatening its long-term viability.
Fortunately, we can minimize the risk of a data breach by approaching cybersecurity as a journey. It is a process. Even if you know you have work to do, you still need specific guidance to make your journey one of success rather than one of no progress. No cybersecurity journey is the same, after all. Yours is unique to you. If you have customers, their cybersecurity journey is unique to them.
To help you plan for your journey, we at the Center for Internet Security (CIS) have created this guide. Its purpose is to help you prepare for your cybersecurity journey so that you can avoid common obstacles and evolve your cybersecurity maturity as smoothly as possible. Over the course of the guide, you’ll learn a four-step process for planning out your cybersecurity journey. You’ll also receive tips on how you can map your evolving cybersecurity journey to our security best practices and other resources.
As you’ll find out in the next chapter, it all begins with conceptualizing a cybersecurity roadmap.