top of page
The High Cost of Budget Cuts & How One Organization Recovered
Project Information
THE CHALLENGE
Even as the economy slowed to a halt in 2008, cyber threats and attacks kept growing at unprecedented rates. By 2013, modest economic growth was accompanied by the largest number of data breaches on record and an astounding 2001 new threats appearing per minute. The rapid growth in attacks was not lost on our client’s IT director, who had been forced to layoff his entire cybersecurity staff in 2011 after budget cuts. While other people tried to assume responsibility for critical systems, the director knew that the budget cuts had limited his department’s ability to protect the organization.
His problem was not exclusive to public entities; private companies found themselves facing constrained IT budgets, too. Many organizations will trim cybersecurity budgets because they think they are safer than they are. Most data breaches take months to discover, so even organizations that have already been attacked may not realize it. How could an IT director convince a board of commissioners to spend more on information security, despite tight budgets, technical jargon, and the out-of-sight, out-of-mind nature of cybersecurity efforts?
THE CLIENT
Our client is a large municipality in the Southeast, serving roughly one million citizens with more than 300 employees. For confidentiality purposes, we will refrain from identifying the municipality by name or by specific location.
Times have changed since 2008, but cybersecurity threats are more prevalent, costly, and dangerous than ever.
THE SECURANCE SOLUTION
Realizing an assessment was needed, the IT director put out a call for quotes. Securance Consulting responded with a proposal that showed a keen understanding of the issues and scope, for 25 percent of the costs quoted by other firms. We started by establishing a strong relationship with the director and each member of his IT department.
THERE'S NOBODY TO BLAME
Our approach was to make it clear to everyone involved that there is nobody to blame in cases like this. Governments and private companies have to pay careful attention to resources and make tough decisions. It’s not unheard of for problems to arise over time, especially if an organization is constrained by reduced budgets and stagnant revenues.
FIRST THING'S FIRST
The director wanted to address the biggest risks first. Securance consultants worked alongside his staff to identify urgent issues and remediate them within 90 days. This reduced the possibility that something would go seriously wrong during the longer period of full assessment and remediation.
THE COST OF BUDGET CUTS
The assessment period lasted six months and uncovered more than any of us anticipated— resulting in a 300 page report of findings and recommendations. Three years without access to in-house security experts had saved money, but it was clear that a high price had been paid.
AN INVESTMENT IN PROTECTION
After 12 months working together, the IT director took our findings to the board of commissioners and got approval to hire three security experts to replace staff he’d lost at the height of the downturn. We continue to work with him and his team to protect the safety of thei networks and the data of their citizens.
REDUCE COSTS, NOT SECURITY
A comprehensive IT security assessment can help your organization identify weaknesses and remediate risks. Finding a partner that cares as much about your budget as your IT security needs is part of the process. Contact us to find out how we can help.
bottom of page