The ROI of a Good Security Policy

By
Team Workiro

Using a computer has never been sexy - witness the many times that Hollywood has tried and failed to prove otherwise - and security policy has never been a sexy topic. It invariably manifests as a chore for employees, who’ll fight every password change, and a burden for the management team, who never welcome the news that yet another potential risk has been discovered. The conversation immediately turns to cybersecurity ROI - when there’s both a financial and opportunity cost to enacting cybersecurity policy, what return should the business expect?

The answer to this question has become steadily easier in recent years, and it’s about to get even easier. First, data hacks have become a common and expensive occurrence across a wide range of businesses. NHS hospitals, Disney and Ticketmaster have all recently suffered hacking attacks, and paid dearly in both financial costs and reputational damage. It’s all hypothetical until it happens to your business, but the chance of that happening steadily increases, and the costs are clear to see: lost productivity, lost clients and lost reputation are all painfully evident in the resulting news coverage.

To add to that, you now need to be mindful of levies charged by the UK government, courtesy of the new Economic Crime and Corporate Transparency Act. Passed in 2023 with subsequent legislation arriving over the next two years, it introduces a new level of legal compliance which surpasses conventional cybersecurity company policy to include some of your foundational business operations.

That’s down to the new “failure to prevent fraud” legislation, to be introduced under the ECCT Act. It will require your business to take active, demonstrable steps to prove how you prevent fraud from taking place, and they’ll need to apply well down the chain of command. Any “person of significant control” can carry out fraud for which the business could be held liable.

Solving this won’t simply be a matter of deploying cybersecurity software, either. The language of the Act makes clear that active compliance will be required, and regularly re-evaluated, to meet the requirements of the Act. And the ROI? Unlimited - for that’s the potential fine that the Serious Fraud Office can charge if it deems your anti-fraud processes are inadequate.

Under the type of regulations that will be introduced by the ECCT, Workiro’s document management can become an integral part of your business’s cybersecurity policy, ensuring that your workflows are both secure and rigorously managed. The Workiro platform enables cost-effective internal processes that can form the foundation of ECCT compliance, and you’ll get an ROI from operational efficiencies along with the cybersecurity ROI.

To learn more about the requirements of the ECCT and how you can prepare for them, sign up for our upcoming webinar “Trading in the UK? You need to comply with the ECCT Act”, hosted by Workiro’s CISO Luke Keily. Luke’s career included twelve years investigating cybercrime for law enforcement before moving into corporate security, so he has deep experience in both tracking and preventing security breaches. 

He’s joined by Robbie Hadfield, Director of Solutions Engineering at Payhawk: Robbie’s extensive background in finance and accountancy means he’s well-versed in resolving compliance issues with payment and finance, and actively involved in supporting a wide variety of businesses that use Payhawk’s comprehensive tools for monitoring company spend.

Sign up for the webinar here.
