How to Save 1.6% of Revenue - Follow up to my Forbes.com post
I recently wrote an article for the CIO Network on Forbes.com, “The Hundred Billion Dollar Problem No One Is Talking About.” It’s about US corporate data loss, and its dramatic impact on the economy (1.6% of GDP). I asked the readers to consider this national problem on a micro level – at their own companies. A 500 million dollar company will lose $8 million in revenue a year as a result of data loss. That’s significant.
In quantifying the impact data loss has on nearly every company (1.6% of revenue), we are able to tangibly argue that security can positively impact the bottom line. This is a game changer for CIOs and CSOs who struggle to gain mindshare and budget from the executive board.
So, what type of investment needs to be made to save 1.6% of revenue?
I’ll take my own suggestion and think of this problem in terms of the K logix business. By 2018 K logix expects to be a $100 million company, so without continuing our proper security approach, we could expect to lose $1.6 million. Because we hire only veteran and “A talent,” our average employee costs K logix about $200,000. Bringing on 2 more senior security experts to help us ensure our security framework remains strong brings our additional spend to $400,000. Still, saving $1.2 million a year sounds good to me.
But that’s just K logix. Let’s look at one of our clients, who just used our statistics to make a case for data security. This is an international company with revenue of $1.5 billion. They knew their data was exposed, but they didn’t know how, where, or how badly, and as a result, they were unable to get the attention of the executive board. By putting a hard dollar figure to the data loss – 1.6% of $1.5 billion in revenue, year after year – the chief executive was able to understand just how significant the problem of data loss is to his company, and the CIO was able to win budget for creating and maintaining a security framework.
Now that they have executive buy-in, what’s their first step?
The first step is to create a security framework that is specific to data protection and not an add-on or afterthought to the network infrastructure program. That includes hiring a security expert, not a re-purposed network engineer. In building out the framework, that expert will engage additional seasoned and qualified data security experts, at companies like K logix, who can assess, understand and prioritize data exposures.
The collective team will start by understanding the data the company has: where it resides, where it moves, who accesses it, and how it is used. The team then classifies the data based on its impact on the business. An important step is to understand the gap between business stakeholders’ perception of the data and the reality. This gap is measured by interviewing stakeholders, and then comparing their comments to results from assessments and analysis of the infrastructure.
The important thing to remember is that data security is a moving target – new exposures, more sophisticated cyber criminals and threats are introduced all the time. Without constant vigilance and the same commitment year after year, the program will fail and that 1.6% of revenue will be lost again. Data security is not a one-time fix; it needs to be a mission-level focus of the company.
Hopefully my article on Forbes.com has struck a chord with more than a few of its readers and will get companies thinking of data security in a new way. Did it work with your executives?
And PS, we are looking to hire those two senior security advisors right now, so contact us if you are a seasoned and veteran security expert and want to join our team.