Determining where and how to best allocate financial and human resources for cybersecurity initiatives is a complicated decision. It can be made even more fraught for those operating within the Department of Defense (DoD) supply chain, including contractors and subcontractors, who must ensure compliance with any number of regulatory frameworks that likely require a costly infrastructure overhaul to achieve. These next-step initiatives— such as compliance with the latest version of the Cybersecurity Maturity Model Certification (CMMC 2.x)—have dense program structures and requirements. When balanced against a company’s tight budget, understaffed workforce and growing cloud and mobile infrastructure, compliance may feel utterly unachievable.
But in making (or perhaps avoiding) a decision to pursue infrastructure overhaul, companies must dust off the scales and ask: Have we budgeted for a data breach?