rocket
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /srv/users/serverpilot/apps/ustechportal/public/wp-includes/functions.php on line 6114wordpress-seo
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /srv/users/serverpilot/apps/ustechportal/public/wp-includes/functions.php on line 6114breadcrumb-navxt
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /srv/users/serverpilot/apps/ustechportal/public/wp-includes/functions.php on line 6114Getting buy-in for cybersecurity strategies like implementing a Zero Trust framework isn\u2019t easy. You have to convince executives and boards that spending more on cybersecurity<\/u><\/a>\u00a0is justified, but you\u2019re often talking to a non-technical, skeptical audience.<\/p>\n The C-suite and board members are likely to see cybersecurity as an abstract concept. It\u2019s often seen as a tech issue rather than a business issue and perhaps an unnecessary luxury as opposed to something necessary to spend on.<\/p>\n This runs contrary to the reality that security experts see happening, which is growing and evolving threats that are increasingly sophisticated and impactful.<\/p>\n The COVID-19 pandemic led forward-looking companies to significantly increase their cybersecurity budgets, especially with more remote work.<\/p>\n Still, there are also many other organizations that are trying to cut back on unnecessary spending in the face of instability and uncertainty.<\/p>\n Heads of IT will have to be increasingly persuasive to show the value of increasing or spending on a cybersecurity budget.<\/u><\/a><\/p>\n Understand that boardrooms are sick of hearing about growing cybersecurity threats if all they\u2019ve seen so far are things operating smoothly. Often boards think they\u2019ve given more and more money to put toward cybersecurity, but all they get in return is requests for more.<\/p>\n The following are things to keep in mind as you\u2019re selling your boss or the board of your company on why spending on cybersecurity should be a key strategic priority.<\/p>\n You have to realize that the board or the executives you\u2019re discussing your cybersecurity strategy with are going to be looking at financials first and foremost. That might even be all they\u2019re looking at, whereas your IT team is likely to calculate things like risk scores in decision-making.<\/p>\n You have to present the potential impact of cyber threats to executives in the financial language they speak. Focus on ROI rather than calculations of probability.<\/p>\n You need to draw a clear line to what they\u2019re investing in.<\/p>\n For example, when the organization is investing in cloud-based security and remote collaboration, show how it\u2019s going to help people who are working from anywhere be more efficient. Show how security and investments in tech have the potential to reduce downtime and protect the company from phishing, data loss, theft, viruses, and malware.<\/p>\n There is some understanding on most people\u2019s part about the effects of ransomware attacks<\/u><\/a>, so this might be a place to focus. There have been high-profile instances of ransomware attacks on major companies in the past couple of years, so an emphasis here could tend to resonate best.<\/p>\n The loss of data could lead to significant financial losses for a company, and this is something else you need to be prepared to convey to decision-makers.<\/p>\n Quantify cybersecurity risks and threats, and then offer a calculation for the effectiveness of your proposed threat mitigation solutions.<\/p>\n One way to speak to decision-makers in financial terms is to provide specific details on the most pertinent threats, along with mitigation approaches and their likely effectiveness. You can integrate into your figures the cost of education, employee downtime, and particular software or technology solutions.<\/p>\n Run simulations to show the best combinations.<\/p>\n To get the attention of the people you\u2019re asking for more money, you might want to run an exercise based on an actual ransomware scenario. Explain how something similar could affect your organization, and then show the detailed measures you want to take to avoid it.<\/p>\n Be thoughtful in choosing the most relevant and realistic exercise.<\/p>\n The goal of presenting an exercise is to get executives and the board to ask questions about cybersecurity, contingency plans, and network security.<\/p>\n Then, if and when they do that, you have the chance to show executives information in a way that\u2019s digestible and can be used to base decisions on.<\/p>\n You can show them where you\u2019re lacking, where you\u2019re doing well, and where your budget will go to bolster your weaknesses.<\/p>\n Don\u2019t be an alarmist when you\u2019re presenting scenarios. Management is likely tired of the scare tactics. Again, if nothing has happened so far, they\u2019re going to be especially turned off by alarmism. Real-life scenarios can help you avoid being an alarmist.<\/p>\n <\/p>\n If you\u2019re able to get the attention of the board, you need to be able to back everything you say up with a targeted, responsible spending plan. You shouldn\u2019t request a budget and then have nothing to show for how you plan to allocate it.<\/p>\n You have to be seen as a responsible spender if you want to maintain credibility.<\/p>\n With this, be ready to explain how you\u2019re going to define and measure ROI<\/u><\/a>. It\u2019s tough to quantify security spending, so you need to potentially get creative. You\u2019re weighing investments against the possible impact of not investing in cybersecurity, so how are you going to justify all of your spending accordingly?<\/p>\n Don\u2019t speak in highly technical terms or use jargon. Speak in business terms. Your biggest goal when presenting anything to executives or the board is to speak as a business person rather than a tech person.<\/p>\n
\n\n
\n<\/h2>\n
Approaching People Who Make the Decisions<\/h2>\n<\/blockquote>\n
\n\n
\n<\/h2>\n
What Does It Mean to Speak in Financial Terms?<\/h2>\n<\/blockquote>\n
\n\n
\n<\/h2>\n
Present An Exercise<\/h2>\n<\/blockquote>\n
\n\n
\n<\/h2>\n
Have a Defined Spending Plan<\/h2>\n<\/blockquote>\n
\n\n
\n<\/h2>\n
Avoid Jargon<\/h2>\n<\/blockquote>\n