It’s rare to find a CEO or board member who dismisses concerns about cybersecurity for their company. However, the actions taken and supported often fall short in addressing these concerns. While PwC’s 2023 Global Digital Trust Insights reports senior executives worry their enterprise isn’t fully prepared to address heightened threats, the lackluster increase in security budgets won’t allay this worry — IANS Research found cybersecurity budgets only grew an average of 6% in 2023, much lower than the 17% growth rate in 2022.
“The incremental growth in cybersecurity budgets is insufficient relative to the increases in scope facing security teams,” said Nick Kakolowski, Senior Research Director of IANS Research.
Obtaining buy-in for cybersecurity initiatives from senior leaders is crucial. The following are steps all organizations — from small businesses to enterprises — can take to help achieve executive buy-in for their security strategy.
Are You Speaking Their Language?
Most executives focus on the overall success of the organization. When you present your cybersecurity initiatives, it’s essential to frame the conversation in terms of your organization’s overall objectives, risks, and outcomes.
It’s also important to determine if your C-suite has articulated cybersecurity concerns and be ready to address them. For instance, 73% of CISOs say they feel their governing body/board is overly concerned about ransomware and the potential threat it poses to their organization. If your governing board is apprehensive about ransomware, address it: explain what you do to prevent, detect, and, if necessary, respond to a ransomware attack that has achieved its objective.
And while you need to be able to discuss the tools and technology you use or need to implement, they shouldn’t be the main focus of your discussion. Focus on your current security posture, the gaps and challenges you’ve identified, and an understandable view of the threat landscape.
Bring the Numbers Home
Sometimes a big number gets attention, but what if you could use a number that’s directly aligned to your organization?
Let’s take the cost of a data breach. In 2023, the average cost of a data breach was $4.45 million, an all-time high. But in presenting this information, what if you took the per-record cost of a data breach – $165 per record involved in 2023 – and aligned that to your organization should you be breached? Ensuring your narrative is focused on your organization’s environment can help you gain more buy-in for cybersecurity.
Spend Now, Save Later
85% of CISOs say a reduction in spending would hamper their ability to respond to threats. When it comes to cybersecurity, detecting threats and responding quickly is critical. Without an adequate security budget today, your organization may face a much more impactful financial burden if a threat is unseen or a response lags.
And it’s not just the technology or platforms that need support; it’s ensuring you’ve got a team of experts working on your security 24/7. The 2024 Fortra State of Cybersecurity Survey found that budget limitations are the top hurdle for executing a security strategy.
Need more evidence of the benefits of proactive security? A recent study reported that finding “an error due to poor application security in an app’s coding phase, instead of during initial planning, costs five times as much to fix — and that soars to 30 times the cost post-release.” Or consider that organizations with high levels of incident response (IR) planning and testing saved $1.49 million when breached compared to companies with low IR levels.
There Always Will Be Risk
When an arctic freeze is headed to your hometown, you can do everything recommended to protect your home from the cold, but a pipe still may burst. It’s the same with cybersecurity — no level of investment in your security strategy will provide 100% protection against threats. But those businesses with strong detection and response programs will identify the majority of threats and recover more quickly when a response is needed.
For many businesses, implementing a managed detection and response (MDR) program, such as Fortra’s Alert Logic MDR, not only enhances security but also garners executive buy-in for the overall cybersecurity strategy. Explore our unrivaled security solutions tailored to your environment and ensure the protection your organization needs in the ever-evolving landscape of cyber threats.