Why is there still resistance from companies to invest in IS and cybersecurity?

November 28, 2019

*Rodrigo Dantas

Given the growing number of cyber threats and confirmed cases of cyber security breaches and data leakage, there are companies that have sought to adopt mechanisms and procedures to prevent, combat and minimize losses resulting from digital attacks.

However, at a national level, unfortunately, there are still companies (especially small and medium-sized ones) that are not aware of the risks that such threats pose to their operations and business continuity, and that do not make the necessary investments in information security and cybersecurity.

Investment in Information Security and Cybersecurity

A company is divided into several sectors, each with its own particularities, which come together to form a whole that should work perfectly. Information security and cybersecurity make this whole process fluid and transparent. Information has great value in a company's processes, development and growth, and as such it needs to be protected and treated with great care and attention. A cyber attack, or a leak of sensitive data belonging to the company, its customers, employees or partners, can lead to a business crisis, as well as financial damage, loss of brand credibility and lawsuits.

Main justifications given for not investing in Information Security and Cybersecurity

Businesses are often reactive and think of Information Security or Cybersecurity only when they experience cyber attacks and fraud. They usually offer justifications for not making investments, such as:

  • Security is very expensive and my business is still starting;
  • First I need to operationalize the business, then I think of security;
  • Security is important, but it is very complex to implement, I will think about it later on;
  • My system is in the cloud, they already do security for me, I don't have to worry about that;
  • My business is not about technology, I don't have to worry about it;
  • My system has never been hacked, so I am safe;
  • My company is still starting, it is not in the interests of hackers;
  • Implementing security in the middle of business will lock up my business.

Top reasons to invest:

Based on our experience, and in response, we highlight some of the reasons to reflect on and invest in Information Security and Cybersecurity:

  • Protect the company image: Regardless of the company's line of business, it probably has personal customer data in its files. If for some reason this information is accessed by unauthorized persons, the company may suffer damage to its image and loss of credibility.
  • Avoid industrial espionage: Company information that is unprotected may be subject to industrial espionage.
  • Prevent cyber attacks: Cyber attacks are increasingly common. In them, hackers can access sensitive information and install viruses and malware that affect the company's environment.
  • Ensure the proper functioning of the business: In addition to the company's anticipated expenses such as rent, labor charges and taxes, not investing in information security can trigger serious financial losses due to the paralysis of the internal systems that support the business.
  • Compliance: For many businesses, the confidentiality of customer information, besides being a matter of credibility, is also a legal obligation.
  • Preserve data over the years: Data must be preserved over the years, and the company must have the means to ensure that it is not lost when systems or computers are changed, or for other reasons.
  • Increase sales: The company needs to provide ways to ensure the protection of its customer data, as well as prevent possible fraud. For example, a secure site where customer data is protected can gain market share and drive new sales.


Enhancing Information Security within a company is paramount to mitigating the risks of cyber security breaches and data leakage, preserving the company's image and ensuring the smooth running of the business.

Given this scenario, companies should understand that information is one of the most important assets and should improve their processes and make continuous investments to ensure confidentiality, integrity and availability.

* Rodrigo Dantas is a GRC and Information Security Consultant at SAFEWAY


SAFEWAY is an Information Security consulting company, recognized by its clients for offering high value-added solutions through projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence among our clients, who are in large part among the 100 largest companies in Brazil.

Today, through 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people. SAFEWAY can also help your organization by validating compliance and maturity with GDPR (General Data Protection Regulation) and LGPD (General Data Protection Law), considering the business environment in which it operates, in order to identify the main action plans for compliance with the regulations, aiming at process improvements and gains for your organization.