Risk management and privacy concerns. Digital transformation meets cybersecurity. It's all a part of today's ever-changing business world.
From a business perspective, the Board knows that cybersecurity is critical to the health and reputation of their organizations. What might not be clear to the board is how much to spend on cybersecurity plans and efforts. That’s where you come in.
As a security professional, requesting that the board spend more on your cybersecurity strategy can be a daunting feat. Frustrating, even. In fact, Gartner estimated that information security spend exceeded $124 billion last year worldwide. It's no wonder, with cyber threats and crime escalating year after year.
While the costs might be clear to you, negotiating with the board to approve your budget takes preparation and skill. It comes down to learning "ROI" speak, among other communication tactics, which we'll dive into in this blog post.
Continue reading for tips on how to win over your Board and get the budget you need to safeguard your organization.
Know your Board
Before presenting to your company's Board of Directors and asking them to approve your budget, get to know who they are as people and what sort of professional backgrounds they have. There are a few ways you can do this. Read their bios on LinkedIn. Ask your colleagues who know them for insights.
The reasoning behind this is that you want to tailor your presentation to match their level of expertise. The idea is to speak their language. For instance, if you're having a conversation with board members who have limited technology experience, using industry jargon and acronyms will sound like a foreign language. Not only will what you're saying sound confusing, but your ask to increase your cybersecurity budget will lose steam.
On the other hand, your Board of Directors may have a mix of professional backgrounds, some with IT know-how. In that case, it's best to go light on the industry jargon so everyone in the room can understand.
One way to prepare for your presentation is to present it to someone outside of your department. Ask for feedback. Observe if your audience is following along and adjust the language accordingly.
Knowing your audience is the first step in getting them to side with you.
Remember: It's all about the ROI
Businesses are in business to make money. Your corporate directors are deeply concerned with how any costs impact the bottom line. Knowing this and learning how to speak about the return on investment of your cybersecurity strategy will help you effectively negotiate and defend your budget.
First off, quantify your budget. Identify how much you need and figure out the associated risks and loss in the event of a breach. How much would a breach cost your organization? Then use simple visuals to illustrate the numbers at stake.
Clearly state the following:
- Outline what information and data is vulnerable to theft, and what needs to be protected.
- Explain the probability of a breach occurring. Use a simple statistic relevant to your industry.
- Estimate how much money could be lost because of a cybersecurity breach.
- Explain how your plan would reduce the possibility of a breach.
- Show how much time and money your plan would save the company.
Doing this will allow the Board to understand your vision, the numbers, and how they tie together to benefit the business. Corporate directors understand risk and money, no matter what their professional background.
Know the Board's agenda and role
The corporate Board of Directors are your organization's champions. They serve to make strategic decisions. It's up to you to help them make those decisions.
Understand what's on their agenda. Perhaps a digital transformation is planned, which is likely nowadays, and you'll want to analyze any associated security risks.
Study your company's history, and gain an understanding of what your predecessors did well and did not do well. Try to find out what the Board has approved in the past and why.
Aligning your department with other department executives within your organization will inform you on what's going on now and what's ahead. The details you gather will help guide your cybersecurity strategy and budget.
Keep your presentation brief
Get to the point. Keep your presentation as brief and concise as possible to leave ample time for questions. Anticipate as many questions as you can ahead of your meeting. Dig deep and try to unearth answers to what you don't know. Previously, we covered eight popular questions asked by boards of directors on our blog.
The more that you can address their questions, backed with facts and statistics, the more you will be able to build trust.
It takes practice and preparation to deliver a solid presentation for business executives. Remember, if you speak using too much technical jargon, you may fail to get your point across. We discuss how to prevent a communications breakdown between the IT security team and the board of directors in a separate blog post.
The good news is that corporate directors are well aware that mitigating cyber risk is a must. It all comes down to the way you communicate and approach the board, so you can get them on board with you.
24By7Security offers Cyber Board Advisory Services. Our highly-trained consultants are well-versed in gaining the Board of Directors' confidence, especially when it comes to cybersecurity programs and budgets. We can advise and educate the board so they can understand cybersecurity concepts and the options to manage cyber risks. Let us help you guide your decision makers by calling us today.