Does Compliance Plus Cybercrime Equal Rising Costs?

A finance team talks about cybercrime happening in their industry.

Cybercrime represents a massive risk, and compliance comes with huge costs. How do finance leaders balance the numbers and solve the security formula?

Cybercrime represents both massive risk and financial hardship for organizations. As noted by Fortune, digital crime cost the global economy $450 billion in 2016. What's more, specific attack vectors such as distributed denial of service (DDoS) are on the rise, with DDoS attacks seeing a 172 percent increase through 2016, reports Fortune.

For IT experts, the current environment offers a simple solution — spend more on information security and compliance staff to meet both emerging challenges and bridge a widening "skills gap." For finance leaders, meanwhile, the equation isn't so easy. More staff create budget constraints, while cutting back can leave critical resources undefended. What's the magic formula for fiscal solvency and IT security?

Fine and Dandy

Increasing scrutiny from government agencies and public watchdog groups triggered a tough period for finance firms during the 2008-2009 financial crisis. Amid global economic fallout and increasing cybercrime sophistication, businesses found themselves penalized for compliance missteps and oversights. Since 2007, organizations have paid more than $320 billion in fines as they look for ways to reduce security risk and increase corporate compliance, according to The Boston Consulting Group.

However, Bloomberg reports that the industry is changing, with many businesses saying they "haven't solved the issue yet, but the answer isn't just to chuck more people at it." The result? Firms are cutting back compliance staff.

Costs and Complexity

The problem? As noted by International Adviser, the increasing complexity of cybercrime is now a top risk for financial firms, with 67 percent of global investment bankers pointing to new criminal methods as their biggest concern. Many argue that outdated systems are a barrier to effectively fighting financial crime. If systems don't work with new automation and cloud-based technologies, it can be virtually impossible to keep up with evolving attack trends.

For finance leaders this alters the equation: maybe hiring more staff is the best way to secure corporate data? But Investment Week raises a good point in saying that "surging demand" for compliance and cybersecurity staff has led to mercenary market, where top talents command big salaries and frequently move from firm to firm depending on who has the best offer. Add in the cyberskills gap and it can be difficult to hire strong staff, even if that's the new corporate policy.

Right Staffing

For finance leaders, it can be tempting to see this as a kind of unsolvable riddle, an equation that will never balance on all sides to yield the correct result. To some extent that's true — there's no single "right" answer when it comes to balancing staff spending and reigning in compliance costs. But there may be a way to both limit risk and scale back spending simultaneously with the right staffing.

It's a middle ground that depends on two key factors. First, paying well for highly-trained staff (or training up in-house IT pros to do the job) and treating them well enough that they don't want to leave. This may mean both giving them meaningful work and ensuring they have enough autonomy to get the job done. Next, businesses may need to shift the compliance workload from human staffers to intelligent, autonomous and cloud-based processes that report to IT experts but require minimal guidance. It's solving for X, or spending on staff that offer key cybersecurity skills while trimming back compliance salaries without increasing the risk of corporate fines.

Balancing cybercrime defense and compliance oversight isn't always an easy scenario. By combining highly-skilled staff with sophisticated software, however, it may be possible to reduce total complexity and take your best shot at getting this question right.