The real cost of computer security

We recently looked at the burden of security software on the performance of employee PCs, interviewing IT Directors to get their view.  You can read report v116 – Slowed Computers Cost $2.2 Million Annually, but from the title, you get an idea of the bottom line.  If you add security software such as McAfee or AVG to employee desktops, expect to decrease employee productivity by 166 hours per employee per year.  Start to do the math and you may make the same decision we did here at Nucleus.  When a PC has a problem, it’s actually cheaper to throw it away and get a new one (actually, we just reformat it and start over).

It’s no surprise that adding security software to your computer decreases performance.  It’s not as bad as the old days when Norton or McAfee could bring a healthy PC to its knees, but it’s still not good. Software that’s constantly scanning for ransomware and malware while adding management profiles and remote controls takes a measurable share of CPU cycles. The problem becomes when the cost in lost productivity overshadows the expected benefit. At even an entry-level salary, lost productivity adds up to thousands of dollars every year (I’ll leave the conversion to Pounds and Euros to you).

The rash of ransomware incidents has many security managers layering protection onto employee desktops but a more measured approach might be in order.  Limiting the impact of ransomware is more about controlling remote access to your network. That’s a good idea.  What isn’t a good idea is reducing employee productivity by slowing their computers. A balanced approach (see v113 – Are you overspending or underspending on cybersecurity?) that takes into account the odds of an incident with the ongoing cost is in order. Like buying insurance, eliminating all risk can be unreasonably expensive.