I’ve seen a lot of businesses opt to not invest into cybersecurity because they believe it’s a waste of money. The truth is that most of the time they are right, but not because of the reasons they think.

I once had a cyber security expert describe cyber security as “locking the whole house up before you leave. The back door, the front door, the side door, the windows and even locking the keys away”. While to some this may seem excessive, for others this is a wholly necessary part of life.

Before we go into the merits of having OCD when locking the house up, it’s important to note that the one question around cyber security, as no different to home security, is simply whether you have anything of value to protect. So the question is not is it worthwhile to invest in security, but:

There is a simple rule to determine how much you should spend on cyber-security. Namely, spend roughly 1% per year on cybersecurity of the maximum you could afford to lose on your business should you be faced with a cyber attack.

Here in lies the main issue with cyber-security. Companies like McAfee, Norton and Trend Micro have built complete industries around the issue of cyber-security, creating complete solutions on a per device licence basis. This can be a costly exercise in securing every single computer, so it is important to recognise the measures an individual and a business can take in securing itself.

Firstly, the most important step is to identify where you are vulnerable. A high-rise apartment probably isn’t vulnerable to burglary in the same way a house is, but instead may have to deal with securing the balcony for safety. In the same way, some businesses will not be vulnerable to the big issues of cyber security. Most of the issues of security stem from three key factors:

Each of these factors requires its own solution and strategy. To curb this, try identifying where you are most vulnerable and prioritise that.

Much like insurance, cyber security works in terms of premium and pay-off. The more you are willing to spend in both time and money, the more secure you will be. If you determine that you are willing to devote an hour a week to cyber security, then you can look at ways to design processes to minimise vulnerability.

Alternatively you can choose to outsource the security of your business to software, or even a third party. Whatever you do, make sure you know how much you’d be willing to spend and lose.

Ultimately, cyber security is about building a seamlessly secure process. If you lock your house up, you don’t need to constantly check up on it through the trust you have in your locking system. The same can be said for cyber security. Once you set it in place, it should not affect the flow of work or money in the slightest.

So, in short, the answer is yes, you probably do need cyber security. The real question you need to answer is to what degree.