It Doesn't Pay to Skimp on Cyber-Security

[Commentary] On the heels of the sixth annual National Cybersecurity Awareness Month, information security has been generally accepted as a cost of doing business. The question is how to pay the tab. Confronted by the Great Recession, some states and localities have deferred security spending to survive the budget crisis, making the same kind of Faustian bargain uninsured motorists do when they choose rent and food over insurance premiums. They perilously calculate that they'll catch up eventually and gamble that they can avoid accidents in the meantime. When the bet goes bad, there's hell to pay. Fresh guidance from the U.S. Department of Homeland Security on federal grant prioritization would help. So too would fresh thinking about a unified cyber-security funding model that accounts for potential weak links regardless of whether they are at the center or the periphery of what ultimately is government's shared operating environment.