The Challenge For IT Directors Getting Security Into Budget
The digital threat landscape changes on a daily basis, and despite the importance of IT within organisations of all sizes and industries, cyber-security is often undervalued. Due to the nature of these threats, it is increasingly difficult to protect environments, especially with limited or no dedicated budget to do so.
Cyber-security is the protection of systems, networks and data in cyberspace and is a critical issue for all organisations.
Importance of cyber-security
The importance of implementing the right cyber-security solution cannot be underestimated, as having the right solution in place for your environment can be the difference between mitigating a cyber-attack and suffering a large-scale data breach.
To help find cyber-security solutions, organisations can use a number of frameworks to vet them and to understand whether they will be able to reduce the cyber threat. Two popular frameworks used in the UK are ISO 27001 and Cyber Essentials.
To achieve real cyber security, today’s organisations must recognise that software alone is not enough to protect them from cyber threats. The three fundamental domains of effective cyber security are people, processes and technology.
ISO 27001 is the internationally recognised best-practice standard for information security management. It forms the backbone of every intelligent cyber security risk management strategy. Other standards, frameworks and methodologies need ISO 27001 to deliver their specific added value. Implementing ISO 27001 accredited solutions will help you protect your information assets in cyberspace, comply with your regulatory obligations, and thrive by assuring your customers and stakeholders that you are cyber secure.
Getting Cyber-security into the budget
Securing a dedicated budget for cyber-security can become a problem when IT directors and managers are required to sell the benefits of investing in IT security to a finance director or bursar. It is unlikely that a financial decision maker will understand the true value of investing in such services, and putting together an ROI (return on investment) can be a difficult task at the best of times, bearing in mind that cyber-security is very much preventative.
As well as protecting their critical assets, customer details and operating systems, effective cyber security can help organisations win new business by providing assurances of their security processes and measures and of their commitment to their supply chain, partners, stakeholders and customers. Relaying this message to finance decision makers is the real task for IT decision makers; one opportunity to do so is when cyber-security makes headline news, which will naturally sway opinions.
So, how do you deal with this?
Getting cyber-security into the budget is a case of understanding and explanation. IT managers should ensure that they are not overselling the security and that they do not promise something that cannot be delivered. When sourcing solutions for cyber-security, be it data management solutions or other, it helps to fully understand and be able to explain what the service offering provides and what its benefit is on a financial level.
For example, a service could increase uptime by 10%, cutting costs by £1000.
When researching solutions, ensure that the providers offer demonstrations and trial services; this will enable you to see whether the solutions being offered are able to accomplish what you need them to do before taking them to those who will eventually sign off.
When explaining the benefit of cyber-security to those who will eventually decide whether to purchase the software, IT managers and directors tend to focus too much on the specific technical benefits a solution would provide in terms of IT. However, unless you have a finance director or bursar with previous experience in IT, they will find it difficult to quantify the benefits being put forward. Instead, IT managers and directors should focus on the return on investment (ROI) and aim to relate the benefits they foresee in terms that the finance director would understand, i.e. instead of talking about the chances of a data breach being mitigated, talk about the cost of solving the issue, along with the negative reaction from customers due to a data breach and the potential costs associated.
• Understand what the cyber-security solution does.
• Understand how the cyber-security solution works.
• Keep the explanations simple.
• Keep the explanations concise.