Many SMBs believe that security problems are not of a sufficiently high priority to warrant doing anything about!
Many organizations believe they don’t have the IT budget to address many of the security problems they face, such as managing certificates, monitoring social media content, implementing data loss prevention systems that can check for intellectual property or sensitive information sent outside the company without encryption, or retaining content for the length of time required by statute or legal precedent. The argument is that budget is simply not available or the problem is not of sufficiently high priority to warrant doing anything about it.
Although there are reasonably priced solutions available the cost of implementing technology or services can be significant for small to medium sized business that are unaware of the options available. Aside from budget concerns many companys neglect to consider the cost of doing nothing.
The total cost of doing nothing often carries with it a much higher price.
In a white paper published this past July by Osterman Research, it was demonstrated that the cost of major, serious and minor malware and hacker attacks would be about $278,000 for the typical organization over a four-year period (the methodlogy is explained in detail in the white paper). Moreover, the cost of a robust Web security gateway to prevent these attacks vary greatly from $4250 (WebTitan web filter 500 user) to a staggering $108,000 for some solutions. Consequently, the cost of preventing attacks varies and reinforces how important it is for companys to test a variety of solutions, comparing features and prices. The Osterman whitepaper sets out a scenario for a 500-seat organization opting for a more expensive solution and estimates the cost of protection will be about $54 per user per year while the cost of doing nothing (the difference between the cost of attacks minus the cost of the gateway) will be $85 per year, a difference of 57%.
The bottom line is this: when considering the deployment of any new technology, it is critical to consider its TCO. Equally important, however, is the need to consider the total cost of doing nothing, which often carries with it a much higher price.