Advocating for security in a financial storm?

Here we go again. Just after the world was pulling itself out of the total economic shutdown of the COVID-19 pandemic, the R word looms on the horizon.

We’ve seen our everyday lives touched by large scale inflation over the past 6 months. Groceries, Gas, common goods, everything is more expensive than it used to be. To combat this, companies have been scaling back. Scaling back their investments in people, look to June for evidence of that in the tech sector. Weekly reports of companies trying to do more with less. It’s the nature of business.

What does that mean for security?

“Security couldn’t possibly cost THAT much right?”

From my days as a CISO, I found that the reality for most security practitioners is that they know all too well the struggles with tools and budgets. Typically, Information Security budgets are less than 20% of overall IT budgets in many organizations.

Expand that to overall company revenue, InfoSec budgets are typically half of a percent of total revenues.

It doesn’t seem to register to boards that security is a living, breathing business unit. Any CISO (myself included) can tell you that yes, InfoSec is its own business unit and requires continued investment to maintain its operating efficiency.

Okay, how do you drive that message home when austerity seems to be the company’s choice?

No CISO, or Security leader is perfect. Salesmanship and Evangelism are powerful tools that leaders need to maintain and develop. We all know that cyber criminals don’t “take it easy” just because the economy is tough all over. That argument falls on deaf ears to boards and decision makers.

What needs to be addressed is InfoSec as a business enabler. InfoSec as a way to safely and confidently allow the organization to run leaner and more efficiently. Create a pitch on how with continued investment in security, leads to doing more with less faster. Metrics are great, but make sure you are evaluating which tells your REAL story, not the one that puts the organization at risk.

Remember, time and economies ebb and flow. These times will pass, advocating that your organization doesn’t lose sight of the light at the end of the tunnel.

Until Next Time!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stellar Cyber

Stellar Cyber’s Open XDR platform delivers Everything Detection and Response by unifying all currently disjointed security tools and data sources.