Connect with us

Business

IT security is not a cost, but a business investment
Advertisement get any work done online gawdo.com

Business

UK targets Gupta's GFG Alliance in fraud probe linked to Greensill

Business

Wizz Air joins airlines cancelling Tel Aviv flights

Business

Ant leapfrogs banks to top China fund sale rankings

Business

Honda returns to profit but expects chip shortage to crimp 2021 earnings

Business

Poundland owner Pepco valued at 5 billion euros in Warsaw listing

Business

IT security is not a cost, but a business investment

Published

1 year ago

on

IT security is not a cost, but a business investment

By Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic

Justifying investments in new or additional cyber security initiatives to the board, can be a particular challenge for IT security professionals. Part of the problem is that the C-suite typically views IT security as a cost centre rather than an asset that can add value to business processes. Unfortunately, this means that when the time comes to review budgets, IT security is one of the first departments to be at the sharp end. But times are changing. Data breaches, like those at BA and Marriott International, both of which resulted in multi-million-pound fines, have ushered in a new era where investment into data security has direct repercussions for the boardroom, and the bottom line of the business.

To ensure IT security is given the necessary funding to protect the business, CISOs must work closely with CFOs to set smart business metrics that clearly demonstrate securities strategic value.

Recommended
Media Placement Opportunity With Promotions . Get 25 Articles Placed on 25 Different Websites & Promoted
Media Placement Opportunity With Promotions. Get 25 Articles Placed & Promoted
Here is How to Get Your Press Release Distributed To 200+ Websites
Here is How to Get Your Press Release Distributed To 200+ Websites
The Linkedin Influencer Marketing Bundle For Your Business But Under $100
The Linkedin Influencer Marketing Bundle For Your Business But Under $100

The strategic imperative

Joseph Carson

Joseph Carson

Thycotic research shows that CISOs struggle to secure enough funding and support from their boards to achieve their cyber security goals. According to the Cyber Security Team's Guide to Success, one third (34 percent) say that they don't get enough funding to implement additional security solutions. This could be down to the fact that a quarter (26 percent) report that their boards are not prioritising IT security as strategically important.

In such cases, it is not surprising that when reviewing budgets, IT security comes to the top of the list. Why would you want to prioritise investment in something if you don't view it as of strategic importance? However, this would be a mistake. The perception of IT security purely as a cost centre will ultimately lead decision makers to think about how corners could be cut, and costs could be reduced. Following such an approach opens businesses up to security risks that could cost them significantly more in the long run. For instance, if a firm falls foul of the GDPR, it could end up having to pay a fine of up to the greater of four percent of its global turnover or €20 million.

Think people and business first

Clearly, CFOs aren't cyber security experts, nor should they be expected to understand the minutiae of security initiatives. However, there needs to be better communication between the CFO and CISO in order to clearly demonstrate the business value of IT security and to make the necessary budgetary commitments. To this end CISOs need to be encouraged to take a "people & business first" approach, where they consider how any security initiatives can help their firm and its employees to more effectively accomplish tasks and goals. By thinking about non-security focused objectives, CISOs will automatically start thinking about issues in a business-centric way that will make their work easier for others outside the IT security team to understand and relate to.

This starts with talking about the right metrics. CISOs need to use metrics that clearly demonstrate to the board the business impact that they have made. This means re-thinking quantitative metrics that have little or no context or which are weighed down in jargon-filled parlance. For instance, reporting that so many thousands of vulnerabilities have been patched to show how busy the IT security team has been might seem impressive, but what does that actually mean for the business? CISOs need to paint a picture about how their activity is not only protecting the business, but also helping it to operate more effectively. Metrics that CISOs should use are those that show how security is protecting revenue, saving employees time or improving productivity. This is highlighted in the Thycotic research where 44 percent of respondents said that using data to demonstrate the wider business impact makes the biggest difference in how a security budget is allocated. It was also said to be the most important factor.

However, to be able to do this CISOs need to talk to their CFOs to find out exactly what the board needs in terms of efficiency savings, business goals and so on. They also need to have a conversation about any other areas of the business that could become more efficient with improved cyber defences, as well as finding the evidence for how much money has been saved thanks to IT security initiatives.

"It is time for security teams to spend more time listening to employees and their business goals" – Joseph Carson

Recommended
If You Need Leads Or Customers For Your Business, You Should Try This
If You Need Leads Or Customers For Your Business, You Should Try This
Here Is How To Explain Your Services Or Products To A Mass Audience
Here Is How To Explain Your Services Or Products To A Mass Audience
Get Your Products Or Services Into The Inboxes of 35,000+ People. Here is How
Get Your Products Or Services Into The Inboxes of 35,000+ People. Here is How

Related Topics:
Editorial & Advertiser disclosure

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Newsletters with Secrets & Analysis. Subscribe Now

www.gawdo.com

Newsletters with Secrets & Analysis. Subscribe Now

brighttalk webinar

Newsletters with Secrets & Analysis. Subscribe Now

Recommended

Here Is How To Explain Your Services Or Products To A Mass Audience
Here Is How To Explain Your Services Or Products To A Mass Audience
Get Your Products Or Services Into The Inboxes of 35,000+ People. Here is How
Get Your Products Or Services Into The Inboxes of 35,000+ People. Here is How
Media Placement Opportunity With Promotions . Get 25 Articles Placed on 25 Different Websites & Promoted
Media Placement Opportunity With Promotions. Get 25 Articles Placed & Promoted
Here is How to Get Your Press Release Distributed To 200+ Websites
Here is How to Get Your Press Release Distributed To 200+ Websites
The Linkedin Influencer Marketing Bundle For Your Business But Under $100
The Linkedin Influencer Marketing Bundle For Your Business But Under $100
If You Need Leads Or Customers For Your Business, You Should Try This
If You Need Leads Or Customers For Your Business, You Should Try This
If You Are Looking for A Massive Advertising & Publicity Campaign With Results, You need to check this Out.
If You Are Looking for A Massive Advertising & Publicity Campaign With Results, You need to check this Out.
Here is How to Get Your Press Release Distributed To 200+ Websites
Here is How to Get Your Press Release Distributed To 200+ Websites
Feature Your Organization On Global Banking & Finance Review
Feature Your Organization On Global Banking & Finance Review
Create The Publicity You Need. Get Your Business Featured On Major Publications
Create The Publicity You Need. Get Your Business Featured On Major Publications