The economic downturn has led many companies to cut their IT security budgets. But here’s one way IT may be able to convince upper management to find some more room for security funding:
Emphasizing data security as a fundamental need of the company’s customers and clients.
Most businesses must hold some kind of personal and/or financial information for individual or business customers. And as data breaches have become a big issue in the national spotlight, more people and companies are thinking about security when they decide what companies to do business with.
Companies that experience breaches lose a lot of money due to clients leaving, or potential customers staying away.
That’s why organizations with strong security programs report that the needs of clients served as a major way to justify security spending, according to the recent 2012 Global State of Information Security Survey published by PwC, CSO and CIO.
In the survey of 9,600 executives and IT professionals, 43% of respondents identified their companies as “front runners” in information security, meaning they have an effective security strategy in place and proactively execute the plan.
When asked what factors they used to justify the funding needed to develop and carry out those security strategies, respondents in that category answered:
- Clients’ requirements (50%)
- Legal and compliance concerns (45%)
- Professional judgment (43%)
- Risks of costly data breaches (41%)
- The need to keep up with common industry practices (41%)
As the study’s authors point out, businesses with top-notch security operations are more likely to use the carrot rather than the stick. In other words, the potential for increased sales and revenue helped justify bigger security budgets more so than scare tactics such as emphasizing the risk of losing money due to a data breach.
IT managers can keep that in mind next time they’re arguing for an increase in security funding.