Not Investing in Cybersecurity Has ‘Inverse ROI’ (TechTarget)


If the cyberattacks that infected computers in more than 150 countries this month did anything good, they have shown organizations the world over what not keeping systems up to date costs.

Michael Siegel, principal research scientist at MIT Sloan School of Management, researches cybersecurity and critical IT infrastructure and has found that companies investing in cybersecurity save money in the long term. The WannaCry virus affected older machines without the right security patching. So there’s “inverse ROI of not doing cybersecurity,” he said.

“For companies that do it right, they didn’t have disruption; they didn’t have to consider paying a ransom. For companies that don’t do it right, they just learn what it costs to not do it right,” he said.