I’ve had the opportunity to work with some incredibly sharp Finance folks, many of whom are able to deliver on their budgeted results regardless of what curveballs are thrown at them. Some are able to effectively deal with shades of grey while exhibiting a focus on what is best for the company. Others are rigid, run the company with an iron fist, and if not budgeted….it’s not going to be spent…no matter what. It’s the latter approach that I have seen quite often recently and it leaves me scratching my head as to the flawed logic that drives their actions.
As you can imagine, I’ve had the opportunity to watch our team deal with some of the most serious breaches, which are usually reported across most newswires. Breaches that could have easily been prevented, but are now going to cost companies a significant amount to repair, as well as have to rebuild their reputational goodwill with customers…or in some cases, spend more to offset the loss of critical IP. In the midst of these breaches, I’ve seen companies argue whose budget will carry the cost of the response because it wasn’t part of the original plan. They sit and quibble about the lack of Budget dollars in the face of a breach where millions of records have been released or critical IP has been compromised.
Let’s back up though to a point in time prior to the breach. The Cylance team goes in and walks through our technology and displays its absolute effectiveness to the prospective customer. It is all too clear that our solution crushes the traditional antivirus “solution” and would either protect them from malware that has hit their competitors, or in the most optimal display, would have prevented the breach that had just occurred. They’re also shown the efficiency in which our platform operates and places a CPU load in the low single digits, which again, is at the opposite end of the traditional antivirus spectrum that typically has the CPU redlined under an attack. Let’s not even talk about the additional cost of incident response that have to be carried in the event of a breach, which is often in the range of $400-500/hr depending on the seriousness. Don’t like paying legal fees for frivolous actions? Try paying those fees when you know they could have been avoided for the cost of a latte…
As simple as this sounds, it really does come down to the cost of a latte…and this is no joke. Companies cater business lunches for “working meetings”, companies tend to get a bit loose in the wallet for other “business events”, but there is also the retort of “we don’t have any open spend for this area…”. So let me rephrase what you just said: Are you saying that you don’t have any open spend equivalent to the cost of a coffee for each endpoint in your enterprise to ensure the security of your employee records, customer records, and critical intellectual property?
While I certainly don’t like surprises or unplanned spend, we are certainly operating in different times and need to be able to adequately protect the data and prior investments we’ve been entrusted with. It used to be a failed ERP implementation that might cost a CFO or CIO their job, but now it will likely be ineffective security spend and ineffective deployment that will cost jobs. When the situation has the absolute ability to effect revenues and jeopardize key data…the CFO has to be involved and do what is best for the business. Perhaps that’s something to consider when you’re sipping that latte during your transitional networking meetings…
Thanks for reading.