Purpose

The purpose of this memorandum is to discuss about why we should not plan to cut-off 15 % IT budget because of no major Security breaches:
• IT Budget of 15 % cutoff may expose business risk because of not having major security breach
• According to the recent analysis from our Cyber security data scientist teams there are more than 90 % of organizations have faced a security breach after an IT Budget cut-off timeframe
• There are more that 180 million records have also been stolen over the last few years from various organization because of IT budget cutoff, affecting about one in every 12 consumers.
Background

As the MIS Manager for the IT Department at XYZ Company we have been notified from the Vice – President of the company stating about the IT budget cut-off by 15% because of no major security breaches was found over the last few years in our organizations. Security Breaches from cyber threats have been defined as “midst the gravest national security dangers to any country”
Talking about the connection between security Breach and business recital at our organization then we should understand that the Cyber incidents are not essentially more dangerous because the attackers are fiercer and determined than they once were, but the capability to do great harm is simply more attainable via our schmoozed lives. Security breach is a byproduct of novelty.

Executive Summary

The change in our IT budgeting roadmap, and the node timeframe, can effect our organization in multiple security and firstly there could a chance of high risk in security breach because as our vice president mentioned there were no major security breaches over last few years and this impacted in very good business grow with very less impact to our organization because of defence in depth strategy. Our organization cybersecurity team is distinguishing between various types of cyber events everyday such as data breaches (unauthorized disclosure of personal information), security incidents (malicious attacks directed at a company), privacy violations (alleged violation of consumer privacy), phishing/skimming incidents (individual financial crimes) etc. If we accept the plan of cutting the IT Budget for 15 % in our organization, then changes can impact a high risk on our business of having impending security breach because, the current defense in depth control strategy in our organization has helped us to stay away from any of the major security breaches from last few years.

Figure 1: Analysis report of the various types of Attacks Reported, and the Dollar Value of Related Losses from various organization

From figure 1 we can understand that after considering a IT budget cutoff most of the organization faced a major security breach by loosing millions of data and ended up by paying the penalty.

Considering all the major factors which we have discussed above, we would like to conclude recommending from our IT department that we might face a annual loss expectancy with major security breaches by having a IT Budget cut off of 15% in our organization but rather we recommend to increase our capability in mean time to detect, mitigate and respond threats which could lead to have less impact of security breaches with potential less business impact to our organization.