Making the business case for DLP

John Stringer at Next DLP argues that DLP still makes financial sense and helps organisations transition from a responsive to a resilient security posture

 

Sometimes, traditional data protection solutions, including Data Loss Prevention (DLP), are considered outdated solutions to yesterday’s problems. For some experts in the field, they’ve been eclipsed by new technologies, like AI-powered NG-SIEM, zero-trust platforms and cloud detection and response.

 

The fact remains, however, that DLP retains its status as a foundational element in any effective data security strategy. For security professionals advocating for DLP, the challenge often comes in articulating the benefits of today’s more advanced platforms, using language that matters to peers and most importantly, business leaders.

 

While many focus on the technical arguments and security functions DLP enables, it’s often more effective to approach it from a business perspective instead. Below are five compelling reasons why DLP is not just a security tool, but a powerful business driver as well:

 

1 Revenue generation

At its core, DLP software is a guardian of the organisation’s most valuable asset: data. By protecting against data breaches and leaks, DLP software preserves the integrity and trustworthiness of the company.

 

This trust translates into customer loyalty, which is directly proportional to revenue generation. When customers know their data is safe, they are likely to engage more deeply, increasing the Average Revenue Per User (ARPU). Moreover, robust data protection lays the groundwork for a culture of data confidence, empowering businesses to safely harness their data for analytics.

 

This secure environment helps businesses find actionable insights, supports strategic decision making, and fuels the innovation of products and services tailored to meet evolving market demands and customer preferences, thereby further amplifying revenue growth.

 

2 Enhancing the software supply chain

Investing in DLP not only fortifies the security of the software supply chain but also brings significant business benefits. Strong data protection measures safeguard the integrity and confidentiality of software code and components from development to deployment. This leads to a more resilient and reliable software supply chain, which is increasingly important in today’s interconnected digital ecosystem.

 

A secure software supply chain is not just about preventing disruptions; it’s about enabling smoother, more efficient operations and fostering innovation. Companies with strong supply chain security are often seen as pioneers in adopting best practices, which can lead to enhanced reputation and competitive advantage.

 

Moreover, a secure software supply chain can streamline and reduce the costs associated with compliance and meeting various regulatory standards.

 

3 Accelerating business development

Investing in DLP has a measurable impact on key business metrics. For instance, Annual Recurring Revenue (ARR) and net new revenue can see an uptick as a result of increased customer trust and reduced churn. A recent Deloitte survey found that customers are up to 50% more likely to remain with brands they believe protect their data effectively.

 

The percentage of sales closed versus those lost due to security concerns can dramatically improve, as DLP addresses one of the primary concerns of modern customers: data security. Moreover, a strong security posture often allows for a higher Average Selling Price (ASP) per deal, as customers are willing to pay a premium for security.

 

4 Reputation management

Data breaches are bad for business, in more ways than one. A Forbes Insight report recently found that 46% of organisations had suffered reputational damage as a result of a data breach and 19% of organisations suffered reputation and brand damage as a result of a third-party security breach. DLP is a great way to defend against this. But what exactly constitutes “reputational damage”?

 

There are quite a few studies that point to reputational damage as negatively affecting consumer sentiment, causing them to take their business elsewhere. However, what are the measurable financial downsides to data breach incidents?

 

One study from the Ponemon Institute provides these kinds of hard numbers, which make for sobering reading. For example, the stock value index of 113 companies surveyed declined an average of five percent the day the breach was disclosed. Companies with a poor security posture were also found to experience stock price drops as high as seven percent, while 120 days post-breach, none of these companies had fully recovered their pre-breach share price.

 

5 Reducing cyber-insurance premiums

It’s a topic that often flies under the radar in the overall cyber-security discussion, but the cost vs benefit debate around cyber-insurance is particularly germane in the current environment. UK cyber-insurance premiums surged 20% in 2023 as increased ransomware attacks and online commerce drove demand for coverage. It’s expected that with the ongoing elevated levels in remote work and expansion of the use of artificial intelligence, the demand for cyber-coverage will only increase.

 

For many businesses, simply not paying for cyber-insurance isn’t an option. It’s simply a cost of doing business that needs to be built into overall fiscal plans. With many other organisations that might not have the financial wherewithal to write off premiums but need the security of insurance to ensure ongoing viability, finding ways to make premiums more affordable is a high priority.

 

There are no simple answers here, but two of the top five recommendations for reducing cyber-insurance costs from a leading audit and insurance industry advisory firm are to train employees and importantly, invest in quality cyber-security tools like DLP.

 

Protecting sensitive data from threat

When making the case for modern DLP solutions, security professionals must stop relying on technical arguments that only appeal to security peers and instead focus on business-based proof points that resonate with senior decision makers and executives, like the ones referenced in this article.

 

When implemented properly, a modern DLP solution can not only elevate an organisation’s data security posture, it can also provide the framework for a more positive security culture in general, empowering every employee to carry out their work on a higher level, and a more secure footing.

 

---

 

John Stringer is Head of Product at Next DLP

 

Main image courtesy of iStockPhoto.com and weerapatkiatdumrong