Jeremy Snyder spoke with Dave Sobel of the Business of Tech Podcast about why IT Security Spend is not a tax
In late July 2022, I had a really enjoyable conversation last Thursday with Dave Sobel about whether cybersecurity and security spending should be seen as a tax or not. If you missed the live stream, and want to get my take (not a tax), here you go.
While you're at it, I also highly recommend Dave's #podcast the Business of Tech.
The conversation with Dave was relatively short, but I enjoyed the opportunity to push back on a few things. Specifically, I feel that many characteristics of taxes are really not applicable for the way companies approach cybersecurity spending. Or at least, they're not how firms should think about their cybersecurity investments.
Taxes are implemented by a nation state or other regulatory entity that everyone is subject to. That entity then sets the amount due, and also decides how that money gets used, on behalf of everyone who pays. Individual firms generally don't get the opportunity to decide how the tax that they paid is used on their behalf.
Firms decide how much to pay on their own. This also means that firms can choose not to pay anything. It's a bad choice, but it's a choice that they can make. Secondly, firms decide how to use that money - how much and for what purposes.
One point that I raised is that people and corporations have a negative view towards tax. There are feelings of resentment, and there are rewards from finding creative ways to minimize your tax bill.
Many firms do feel similarly about what they have to spend on cybersecurity - resentful and looking for ways to reduce the amount spent. However, cybersecurity should be seen as an enabling function - when security is working well, firms can innovate with greater degrees of freedom.
Jeremy Snyder, founder and CEO of FireTail.io, a leading cloud security & cybersecurity company. Discover the crucial importance of API security in today's cloud-based world.
Jeremy Snyder introduces several best practices for securing APIs and the various apps that they connect with.