How to Convince the Board to Invest In Cyber Security BEFORE a Breach
Charlotte Ratcliffe, Boardish CMO | 15/03/2021
The number of cyber threats companies face is increasing each year, and the threats are becoming more sophisticated. The number of employees working remotely has also increased as a result of COVID-19, and with it the number of possible entry points for malicious actors. Faced with all these threats, it has become increasingly important to get cyber security budgets approved and secure sufficient resources for threat mitigation before the threats occur.
How to approach decision-makers
While IT and cyber departments calculate probabilities and risk scores, the board usually compares financials. That is why it’s important to present cyber threats from a business perspective – financials and ROI.
By speaking in money terms, you can make it clear what they are investing in. Investing in secure cloud-based services, remote team collaboration, and communication software allows people working from home to work faster and more efficiently, minimising downtime. Investing in security suites protects your employees from phishing attacks, viruses, and malware, preventing data loss or theft. For example, backups ensure uninterrupted workflow and provide an additional layer of security against ransomware attacks.
Ransomware attacks have become a real problem for a lot of companies. This malicious software encrypts data on an infected system and spreads to other networked devices. In order to retrieve data, the company is blackmailed into paying large amounts of money. Failure to do so usually results in permanent data loss.
Regular backups and employee education are the best ways to mitigate these types of threats. Loss of valuable data can bring immense financial losses for the company, and this should be clearly communicated to decision-makers.
How to speak in financials?
While there are methodologies you can use to convert risk scores into ROI, they are neither logistically simple nor very accessible. However, by using Boardish, you can easily quantify threats and calculate how effective each threat mitigation solution is. This paints a clearer picture for decision-makers of why they should approve your budget and invest in cyber security. For each threat your company faces, you can assign one or more mitigation approaches, each with different effectiveness. You can enter the cost of employee downtime, education, software solutions, professionals, and more.
Boardish allows you to run quick simulations on the most efficient and effective solution combinations. Sales loss, market loss, regulation, and salary loss are all available, and you can present custom results to the board, focusing only on what is important to them.
By speaking in financials and focusing on the business perspective, you make it easier for the board to reach a decision and also make the entire process faster. With Boardish, you can communicate complex IT solutions in a simple and accessible manner, making it more likely that your cyber budget gets approved.
Ultimately, when it comes to convincing the board to invest in any budget commitment for cyber and IT, you need to:
- Effectively communicate the risk to the company in monetary terms.
- Share the solution mitigation in financial figures.
- Show how much the full solution costs, including implementation and maintenance.