The Reality of Not Being Able to Hire Security Talent
If you’re a small or medium-sized business owner, you’ve likely faced this dilemma at least once. We often hear comments like, “Our client demanded we get ISMS certification,” or “We were asked to submit security documentation.”
However, only a handful of SMEs can afford to hire dedicated security professionals. Employing a full-time specialist with an annual salary of $55,000 to $70,000 is a heavy burden for a company with annual revenues of a few million dollars.
According to a ZDNET Japan article, SOC (Security Operations Center) services starting at around $1,000 per month are gaining attention. The idea is to outsource security monitoring, ensuring a certain level of security without hiring in-house experts.
The key here is the “reversible management” perspective. An investment of $1,000 per month is far more reversible than hiring a full-time employee. You can simply cancel the contract, and the cost of termination is low. This is a prime example of designing decisions that can be undone.
A Practical Solution to “Keep Business Flowing”
The article’s headline includes the phrase “Business decisions that keep transactions flowing.” This hits the core of the issue.
For SMEs, the priority in security measures is often “meeting client requirements” rather than “preventing 100% of attacks.” Losing a client can jeopardize the entire business.
One manufacturing client I supported was asked by a major partner to submit a “report on cybersecurity implementation status.” This was a company with about 30 employees and not even a dedicated IT person. The president was at a loss, wondering what to do.
The solution I proposed was introducing a monthly security monitoring service. The initial costs were low, and the contract could be renewed annually. The president felt relieved, saying, “If it doesn’t work out, we can always go back.”
This case shows that the reversibility of a business decision lowers the barrier to making that decision. If the only option had been “hire a security specialist full-time,” the president would likely have postponed the decision.
Avoiding the Risk of Being Locked In
Once you hire a full-time employee, it’s difficult to reverse the decision. Even if it turns out after a year that “it wasn’t a good fit,” firing them is not easy. There are not only legal risks but also significant psychological burdens.
On the other hand, with a $1,000/month SOC service, it ends when you don’t renew the contract. If the cost-effectiveness isn’t right, you can switch to another service. This “room to reverse course” is the greatest source of reassurance for SME owners.
As stated in the three basic principles of our editorial policy, the attitude of “prioritizing observation over fixation” comes into play here. Start by using the $1,000/month service and observe the actual situation. If you then determine that more advanced measures are needed, you can consider additional investment at that point.
Lessons from Trend Micro’s Organizational Restructuring
The organizational restructuring at Trend Micro, also reported by Toyo Keizai Online, symbolizes changes in the security industry. The established security company is focusing on succession planning and restructuring to survive in the AI era.
The circumstances of a large company like Trend Micro differ from those of an SME. However, what they share is the fact that “the way we approach security is changing.”
While “developing talent in-house” was once the norm for securing security personnel, now “complementing with external services” has become a realistic option. This trend is part of the background driving Trend Micro’s restructuring.
For SME owners, this change is a tailwind. You don’t need to have in-house staff; you can use external professional services only when needed. This is the ideal form of “reversible management.”
Avoiding the Three Traps That Make Decisions Irreversible
Let’s apply the “three traps that make decisions irreversible” from our editorial policy to security measures.
The first trap is “fixing roles and expectations on a person.” Hiring a security specialist as a full-time employee can lead to placing excessive expectations on that individual, making it difficult to change course even if results aren’t forthcoming.
The second trap is “blurring responsibility through contracts and systems.” Even when introducing an external service, failing to carefully review the contract can lead to unclear accountability in a crisis.
The third trap is “proceeding without understanding the actual situation.” Start small and observe the reality. If you do this, you can avoid major failures.
Using SOC as a Reversible Management Tool
The $1,000/month SOC service is a concrete example of “reversible management.” Here are some key points on how to leverage it effectively.
Set an Evaluation Period
Before signing a contract, decide to “evaluate after three months.” Set three criteria: monitoring accuracy, response speed, and cost. If you’re not satisfied after three months, switch to another service.
Clarify What to Observe
Decide in advance what you will monitor. For example, “How many alerts occur per month?”, “How many of those actually required a response?”, and “What is the time from incident occurrence to notification?”
Collecting this data makes the service’s actual performance visible. Understanding the reality makes subsequent decisions easier.
Plan Your Exit Strategy in Case of Failure
If the SOC service doesn’t meet expectations, how will you revert? Will you switch to a cheaper service, or just implement minimal in-house measures? Deciding on exit conditions in advance reduces psychological burden.
Recommendations for SME Owners
Security measures are a pressing issue: “If you don’t implement them, you’ll lose business.” However, that doesn’t mean you have to force yourself to hire staff or introduce expensive systems.
Following the “reversible management” approach, start small, observe the actual situation, and expand as needed. Sticking to this order will prevent major failures.
A $1,000/month SOC service is well worth it as a first step. If it doesn’t work out, just cancel the contract. It’s that simple.
There is no “right answer” in business decisions. But you can leave yourself “room to reverse course.” That margin is the greatest weapon for protecting SME owners.
Comments