Let me refine the question: “Do you feel that you are paying too much for IT?”

If you answer “yes”, then you probably have stable infrastructure, a low number of support requests, have not yet suffered from a cyber breach, can recover quickly from any problems, and generally don’t need to worry about IT.

If you answer “no”, my suspicion is that there are missing cyber security and resilience measures that put your business at risk.

The point I’m trying to make is that good IT and cyber security doesn’t come cheap.  (It’s the old adage that you get what you pay for.)

I recently had a conversation with an IT director at a mid-size logistics company.  He shared with me that for years, he had been insisting to senior management that they needed to invest in security improvements.  The response was always “no”.  It went on for so long that the IT director finally stopped asking.

Then, on July 3, 2021, the unthinkable happened: they were compromised with ransomware.  With over 200 staff depending on IT, the disruption was significant.

After the breach, senior management is now approving massive investments into security and infrastructure.

Is it better to pay for something once or twice?  The breach cost the company a lot of money and lost productivity AND the new investment in security?  Had they been proactive, they would only have the investment in security.

A few months ago, we posted a blog about investing in the right equipment the first time and referenced an old Fram oil filter commercial from the 1970’s where the message was “You can pay a little more now; or a LOT more later.”  The same message applies to cyber security.

We encourage everyone to take the advice of that old commercial: proactively investing some more now to avoid a massive reactionary cost later just makes good business sense.