Hello folks, it’s been a while. I have been busy with work and also went on a short break (I needed it).
In this post, I want to talk about something that I have been observing. Across the industry, there’s a growing trend where companies prioritize cost over value when it comes to security. Many organizations are content with doing just enough to check the necessary boxes, without fully appreciating the long-term implications of this approach. From conversations with peers, it’s clear that this “bare minimum” mentality is more common than it should be.
As someone who’s been in the cybersecurity trenches for a while, I often find myself having the same conversation over and over - with various stakeholders. They come to me for advice on cybersecurity, not because they genuinely want to dig into the issue, but often to validate a decision they’ve already made. And more often than not, that decision revolves around spending the bare minimum on security.
It’s frustrating, to say the least.
Look, I get it - no one likes to spend more than they have to, especially when budgets are tight and every cent is scrutinized. But here’s the thing: cybersecurity isn’t just a line item on a balance sheet. It’s an investment in your company’s future, in its ability to survive and thrive in an increasingly hostile digital environment.
When I’m consulted about the cost vs. value of security, the conversation often ends up in the same place - what’s the least we can do to check the boxes? This approach might save a few bucks in the short term, but it’s a risky game to play. Because when something goes wrong - and it eventually will - the cost of recovery is far greater than the cost of prevention.
Cybersecurity is not about doing the minimum; it’s about being resilient. It’s about being prepared for the inevitable and ensuring that when the storm hits, your company isn’t caught in the flood without a life raft.
Instead of asking, “How little can we spend?” the question should be, “What will it cost us if we don’t invest in our security?” In the long run, proactive investment in cybersecurity is not just a cost - it’s a safeguard for the business’s future.
You can’t afford not to.
Cheers,
Sivanathan
I agree with you, Siva, and I believe many of your peers would feel the same way too. The problem may stem from the overwhelming friction from manpower, budget, corporate politics, technology complexities, etc. Cybersecurity leaders definitely do not have it easy. Burn-out is real, and self-care is really important!