A security breach is not the worst way to justify a security program, but it is often very effective. Security breaches are more expensive than defensive measures, but this can be difficult to capture. Consolidation or centralization are likely to enable specialization, more effective internal resource allocation, and improve defenses. This is a play on the 10k- forms shareholders receive in the mail. For more information, please see my previous blog post Forget ROI and Risk. Consider Competitive Advantage. You may find a handful that might have traction in your environment.”]
Source: https://taosecurity.blogspot.com/2010/03/ways-to-justify-security-programs-13-cs.html