Optimizing Cybersecurity Costs


Cybersecurity involves everyday decisions about balancing costs that influence defensive
outcomes: where to focus resources, which threats pose the most critical impact, and which
mitigations must be deployed before others.
Problems abound in this endeavor. Cost is not just monetary; resources are finite and scarce. Consequently,
cybersecurity decisions are in danger of suboptimal outcomes and missed opportunities.
In theory, decisions should be made relative to the expected returns on each option. For example, will backups protect against the expected losses from ransomware?
Other alternatives are, by necessity, not pursued. The calculation of ROI (return on investment) determines the value of a particular choice but ignores what might have been.
This is the very definition of opportunity cost: the loss of potential gain from other alternatives when one
alternative is chosen.[6] The money spent on data backups cannot also be used for endpoint protection as a defense against ransomware.


