Why Invest in Security?
We all know what we think about security. We know it is a personal and emotional issue for most of us. One person would want all the bells and whistles, arguing that no cost is too great to ensure my/their/our safety. Another might say why spend the money at all when I feel just as safe/unsafe whether I have this or that.
The first person will spend lots on security and the second very little. There is however a common ground for both extremes – both would agree that a burglar bar in front of a ground-level window is normal and necessary. A door that leads outside should have a working lock. Heck… try getting an insurance quote and telling the person you don’t have burglar bars or locks on doors. We know this sounds like silliness but as much agreement there is on basic security there is more disagreement on how to best go about it. Do we go digital (CCTV, alarm, armed response) or do we go physical (burglar bars, security gates, custom furniture, cable locks)? There are choices abound in all of these.
There are a number of possible solutions that have their place and have a track record. The question therefore becomes: “which solution is right for you?” How do you determine what is appropriate?
Over the next few weeks we will deal with the predominant reasons why security is important:
1) It is easy to implement. (part 1)
2) Recovery is hard and with low success. (part 2)
3) Organisations grossly underestimate the real cost of down time (part 3)
4) The consequential damages are not manageable. (part 4)
In this addition we would like to go into the finances of security investment. Why we say it makes sense to spend money on security. We know that between burglary and robbery there were more than 90 000 reported cases at non-residential premises (Crime stats 2018). Let’s assume 20% of those cases reported a laptop, computer or TV stolen. That’s more than 18 000 IT related items stolen. At an average cost of R 10 000 we now have a potential loss calculation:
_______________________________ x 100 = 3,9% or 180 million Rands
Estimated total number of small businesses
(2,4 Mil) (Formula based on SIX SIGMA project ROI calculation)
I.e. roughly 4% of all business will lose in excess of R10 000 worth of IT equipment in 1 year alone. Not costing for downtime or consequential damages. Now, we know that that some people may query the maths on that. We are OK with that; the point is illustrative.
What if we can bring that figure down by 1%? A cost saving 18 Million Rands per year!
We operate in that 1%. We actively try to, after all other measures have been put in place, make sure that there is no chance of picking up an IT asset and walking out with it – except of course if you own it or have permission.
To give some perspective in value:
Let’s assume that the average spending on securing an IT assess against unlawful walk-out is 5% of the asset’s value. We further assume that you have 10 computers at an average cost of R8 000. Hence you are investing R 4 000 to physically secure your R 80 000 worth of computers against theft. We know that you have a 4% chance of an incident that will cost on average R 10 000. What is your return on investment?
The potential loss rate is used as the total project cost and the total security cost (5% of 80 000) is the investment cost expecting a return. Hence:
10 000 – 4000
____________________ x 100 = 75% ROI in the event of an incident
Related to a 4% chance of an incident the real ROI in year 1 is 3% based on incident likelihood.
If considering the total asset values the ROI is significantly higher in the case of an unsuccessful break-in.
Hence, our aim is to physically protect your IT equipment against walking out and keeping financial benefit going your way. A once-off investment that keeps returning value.
Mr. Willem Van Den Brink