4 tips to get execs on the information security bandwagon

The latest high-profile security breaches probably have you a little nervous and crossing your fingers that one doesn’t happen to you. If only you could convince the senior execs to beef up the security budget.

There’s some pretty scary stuff happening out in the wild these days. It seems like every week we hear of another major security breach.

You hope it never happens to you because you can’t get the execs to spend the money necessary to bring your systems up to par.

Well, here’s some advice we gathered from industry experts that can help you make your argument more convincing.

Information security pros recommend that you:

  • Quantify the financial cost of a breach — As you well know, it can be difficult to demonstrate the ROI of software and hardware. Instead, estimate what it will cost the company to recover from a damaging security breach. Be sure to include:
    • Regulatory penalties
    • Potential loss of revenue due to downtime or damage to the company’s reputation
    • Costs related to remediating identity theft and credit monitoring services
    • Forensic analysis to determine the scope of the breach
    • Costs related to re-establishing a secure environment
    • The time and equipment it will take to prevent future attacks
    • Legal costs, and
    • A potential decline in the value of company stock (for public companies).
  • Show how security technologies are business enablers — Connecting specific security technologies and the policies that go along with them to areas of risk to the business makes a much bigger impression than trying to sell security for security’s sake, especially when it’s hard to say with any certainty if and when you might be hacked. Instead, explain how this piece of technology or this software package will help further the business’s goals of protecting customer data, maintaining 99.9% uptime, reducing costs, freeing up staff to focus on activities that will add value to the business, etc.
  • Prioritize what needs to be addressed — Put some items on your wish list ahead of others based on the impact a breach would have on different areas of the business. Recognize that you’re competing for limited resources and remember you’re aiming to reduce risk to acceptable levels, not eliminate it entirely (that’s impossible). Be prepared to compromise. Execs will appreciate the effort.
  • Build business relationships within the organization — Don’t shy away from engaging co-workers to understand business requirements. Talk to the people who own the organization’s data and the business processes that use it. Knowing your business inside and out will help you gain the trust of your leaders and make it much easier to win their approval for your proposals.