The Challenge For IT Directors Getting Security Into Budget

The Challenge For IT Directors Getting Security Into Budget

posted in Cyber-SecurityCyber-Security ● 15 Dec 2017

The digital threat landscape evolves and changes on a daily basis and despite the importance of IT within organisations of all sizes and industries, cyber-security is often undervalued. Due to the nature of threats, it is increasingly difficult to protect environments however, especially with limited or no dedicated budget to do so. 

Cyber-security is the protection of systems, networks and data in cyberspace and is a critical threat to all organisations. 

Importance of cyber-security

Implementing the right cyber-security solution cannot be underestimated as having the right solution in place for your environment can be the difference between mitigating a cyber-attack and having a large-scale data breach. 

To help find cyber-security solutions organisations can use many frameworks to vet solutions, to fully understand that they will be able to reduce the cyber threat. Two popular frameworks used in the UK are ISO 27001 and Cyber Essentials.

To achieve real cyber security, today’s organisations must recognise that software alone is not enough to protect them from cyber threats. The three fundamental domains of effective cyber security are people, processes and technology.

ISO 27001 

ISO 27001 is the internationally recognised best-practice standard for information security management. It forms the backbone of every intelligent cyber security risk management strategy. Other standards, frameworks and methodologies need ISO 27001 to deliver their specific added value. Implementing ISO 27001 accredited solutions will help you protect your information assets in cyberspace, comply with your regulatory obligations, and thrive by assuring your customers and stakeholders that you are cyber secure.  

Getting Cyber-security into the budget

Securing a dedicated budget for cyber-security can begin to become a problem when IT directors and managers are required to sell the benefits of investing into IT security to a finance director or bursar. It is unlikely that a financial decision make will understand the true value of investing into such services and putting together an ROI (return on investment) can be a difficult task at the best of times, bearing in mind cyber-security is very much preventative. 

As well as protecting their critical assets, customer details and operating systems, effective cyber security can help organisations win new business by providing assurances of security processes and measures and the commitment to their supply chain, partners, stakeholders and customers. Relaying this message to finance decision makers is the real task for IT decision makers; one way this can be done is when cyber-security makes headline news and will naturally sway opinions.

So, how do you deal with this?

Being able to get cyber-security into the budget is a case or understanding and explanation. IT managers should ensure that they are not overselling the security and that they do not promise something that cannot be delivered. When sourcing solutions for cyber-security, be it data management solutions or other, ensuring that you can fully understand and explain what the service offering provides and the benefit on a financial level will help.

For example, a service could increase up time by 10% cutting costs by £1000.  

When researching solutions, ensure that they provide demonstrations and trial services, this will enable you to see whether the solutions being offered to you are able to accomplish what you need them to do before taking it to those who will eventually sign off.

 
When explaining the benefit of cyber-security to those who will eventually decide whether to purchase the software; IT managers/directors tend to focus too much on the specific technical benefits a solution would provide in terms of IT. However, unless you have a finance director or bursar with previous experience in IT, they will find it difficult to be able to quantify the benefits being put forward. Instead, IT managers and directors should focus on the return on investments (ROIs); IT managers should aim to relate the benefits they foresee in terms that the finance director would understand i.e. instead of talking about the chances of a data breach being mitigated, talk instead about the cost of solving the issue along with the negative reaction from customers due to a data breach and the potential costs associated. 

•    Understand what the cyber-security solution does. 
•    Understand how the cyber-security solution it works. 
•    Keep the explanations simple. 
•    Keep the explanations concise. 
 

Rise in laptop sales leads to data protection worries

Reading, 6 April 2020 – An unwelcome repercussion of employees snapping up laptops for home working ahead of the coronavirus lockdown has been an even bigger spike in cyber-criminal activity.

Continue reading

O365 cyber attacks stress need for isolated backup

Johannesburg, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Game-changing pricing for O365 protection

Johannesburg, 24 October 2019 – Redstor, the company disrupting the world of data management, will demonstrate at the Gartner IT Symposium/Xpo™ in Barcelona how a pioneering technology developed in South Africa slashes the cost of Office 365 protection.

Continue reading