What is The Impact of Doing Nothing?

During my professional journey as a project manager, I developed several business cases for approval. Most were approved. Some weren’t. Most organisations expected 3 business recommendations, often along with a mandatory 4th one – ‘Do Nothing’ with a deep consequential analysis. As in, what would be the impact if we were not to act as a business.

Today, I lead a cybersecurity professional services firm. When I reflect on that 4th recommendation (Do Nothing) in my current professional practice, I am perplexed at how can ‘Do nothing’ even surface as an option.

To organisations who are considering doing nothing on cyber security matters, I encourage them to reflect on writing a business case. Jot down 5 things that come to your mind as to the consequences of doing nothing.

Here are a few from me:

  1. Loss of data,
  2. Ransomware,
  3. Malware,
  4. Access to email and confidential data,
  5. Loss of customer trust

What are a few of yours?

Let’s reflect. Let’s share our thoughts as we build a culture of ‘cyber security by design’.

And if you are ready to proactively take charge of your cybersecurity,  talk to a consultant!

Similar posts


Optus has been hit with a major cyber attack

In today’s world businesses around the world as well as in Australia, face increasingly sophisticated and innovative cybercriminals targeting what matters most to them; their money, data and reputation. Download our guide to learn everything you need to know about the Optus Data Breach, as well as the nine steps every business around the world and in Australia needs to take to avoid being next.