Insider Intelligence: Making Internal Cybersecurity Profitable

Oct. 14, 2015
After people and products, profitability provides the ultimate justification

This is the third and final installment in my three-part series “The 3 P’s of your Company’s Security” that looks at how we can minimize cybersecurity breaches as well as make our workplaces more secure. The previous two articles focused on the people we hire, train and trust ( and the products we use and resell to our customers ( This segment focuses on profitability.

The prime directive for many of us as shepherds of our respective companies is to achieve our revenue and profit goals. A company’s cybersecurity strategy and risk mitigation plan should be intrinsically interwoven into those important goals. Why, you ask? Here are three important reasons.

Failure to Act

There are profitability dangers for companies who fail to adopt a cybersecurity strategy or who are late followers. Most small- and medium-sized businesses simply do not believe that cyber breaches will impact them, as they believe they have nothing worth stealing. A recent report from McAfee ( found that almost 90 percent of small and medium-sized U.S. business do not use data protection for company and customer information, and less than half secured company email to prevent phishing scams.

The overwhelming majority of companies underestimate the scope of new cyber threats appearing daily.  According to Kaspersky Lab, nearly 200,000 new malware samples appear every day. Timothy Francis, enterprise lead for Cyber insurance for Travelers, said at a recent panel presentation that the majority of cyber breaches actually occur at small and medium sized businesses.  

Let that sink in for a moment. We work extremely hard to make a profit. We use those funds to reinvest and keep our companies healthy. Incorporating a cybersecurity plan helps to reduce the risk of profit loss due to a cybersecurity breach or aftermath.

Incorrect Actions

Companies that fail to implement a clear strategy could waste money or spend on the wrong activities. Without a clear vision and action plan, we could waste time and money with stopgap cyber measures that simply are not effective. A much better idea, after meeting with a trusted advisor and provider, is to implement a well-thought-out cybersecurity strategy that starts with a security assessment of our company, that includes a cybersecurity insurance policy and that clearly defines what is expected of employees, service providers and product vendors.

It does not have to be dramatic and certainly does not have to go overboard. You would never put a retina scanning and fingerprint reader plus ID card and pin number reader just to gain entry to a supply closet that held your company’s toner and copy paper. The same is true for cybersecurity. We need to determine what our biggest vulnerability is when it comes to protecting data and securing our company and then act accordingly.

The accuracy of a security risk assessment is also critical, as those outcomes drive security management decisions. Risk assessments, when performed correctly, also enable spending to be balanced against the business harm likely to result from security failures.

Early Adoption

Early adopters who seize these cybersecurity concerns will be able to use it to their advantage. It can make them more profitable in the short term as they can uncover the customer needs, meet the demands, ease fears and answer the concerns and requirements from end-users.

When selling a security solution, we are always looking for a competitive advantage. Cybersecurity solutions for our customers can be a new, defining moment that makes your company the true trusted advisor and provider.

Ric McCullough is vice president of sales and customer service for PSA Security Network. To request more information about PSA, please visit