Penny Wise and Pound Foolish

We've all heard the quote, but do we really understand its deeper meaning? In business, I'm sure many of us have seen decisions made that push a pain point out a little further or put off a needed task to save a buck. It's like this quote was created just for business, unfortunately.

Too often, business leaders put off necessary investments to eke out a little more profit for the quarter. Unfortunately, those delayed investments often would have staved off a far greater expense had they been made on time.

We recently wrote for Talk Business & Politics about the weakening of federal regulations and how those could extend to cybersecurity laws and regulations. We've already seen the Executive Branch's ability to regulate stifled by the Supreme Court's recent Chevron ruling. Now we have an administration eyeing further regulatory cuts. I'm sure some business executives are seeing this as a way to cut expenses and increase profits. Unfortunately, many of those regulations are there to "encourage" businesses to do the right thing, whether that's for the greater good or their own.

Cybersecurity regulations aren't perfect and, in a few edge cases, can force you to implement measures that don't provide appropriate ROI. However, compliance is intended to coax organizations into protecting themselves when they wouldn't otherwise do so. Unfortunately, you can't just wait until you get hurt to start fighting back. Cyber attacks are more like a sniper shot from the other side of the planet. That first shot can kill you.

If a decision maker sees the removal of regulations as permission to ignore cyber risk, they are going to be in a much larger world of hurt very soon. Cyber threat actors don't care about compliance or regulations. They only care about getting in and making money off you any way they can. If you weaken your defenses, you are making their job easier. They won't show mercy.

However, if you take this as an opportunity to customize your program to more tightly fit your needs, you could save yourself some money in the long run and strengthen your defenses against those merciless attackers. A well-designed program will give you a much higher ROI. You may need to spend a little more up front, but it will be worth it.

When it comes to security, let's get out of that American business mindset of looking only at the quarterly P&L and start thinking about intelligently investing in ourselves over the long term. Without a mindset shift, we are never going to have any level of comfort around our cyber risk.

Read the full TB&P article here: https://talkbusiness.net/2025/05/silver-lining-of-a-shifting-cybersecurity-landscape