How to Show IT Budget as a Percentage of Revenue To Communicate To Decision-Makers


Presenting the cyber and IT budget as a percentage of revenue puts IT and cyber threats and solutions in a business context and, more importantly, in the setting and language of the board. This makes it easier to understand the value of IT operations and how they benefit or affect the bottom line.


When the board understands the role of IT operations in the overall revenue stream, it is more likely you will get your IT budget approved. But how can you go about showing the budget like this? 

First you need the right data

IT budget approvals require some cold hard figures for things that are not easily quantified, such as various risks. While the IT department can work with risks rated low, medium, and high, these ratings don’t make much sense to the board.

You will need several sets of data points before you can get financial figures. 


  1. You need to know your risks – these can be determined via a risk assessment
  2. You need to know the solutions – for each risk, you must know which solution you’d like to implement so you can propose it and have it approved 
  3. You need to know the business revenue – knowing revenue figures is necessary so you can create a comparison (before the solution is implemented vs. after implementation)

You also need the right toolkit

With all the risks determined and solutions chosen, you can now use Boardish to help you quantify the threats and risks. With Boardish, you can also put numbers on the cost of the solution and present it as an average IT budget percentage of revenue. 


This way, the board can see that the IT spending is a much smaller chunk than paying for the aftermath of a threat that wasn’t covered well.


It’s a very straightforward process that doesn’t require any type of implementation into your systems or access to your data centres. It works independently – all you do is input the data it needs to give you the figures you’re after. You will need: 

#1 A few details on your company

You’ll need to input things like the name of your company, number of employees, country, currency, and annual turnover rates. 

As for employees, you will give detailed figures based on how much they rely on technology. Finally, you’ll need to give some salary information, including average salary for different categories. 

#2 Input of threats

Add all the threats that you wish to showcase. During IT budget approvals, presenting the impact of threats is what matters most. 

In this step, you will input how high the risk is, how many turnover days and sales you expect, and how it affects employees. 

#3 Solution input

Next, you’ll add the cost of the solution (either as a one-time payment and/or cost per year). You’ll be able to quantify full solution costs including experts at every stage later in the process.  

#4 The threat protection factor 

This is how successful your solutions are in handling the threats, and it is one of the unique elements of Boardish. Usually, you can get the factor from your initial risk assessment or from your own experience. It’s completely manual in Boardish because some things, like risk, shouldn’t be left to AI. You can quantify effectiveness both in the cloud and on-prem.

#5 Expert cost 

Here you can put in all the costs associated with implementing solutions and dealing with threats. You can put in hourly rates and the number of hours you expect your IT team will need for it. 

#6 Regulation impact for each threat

Finally, you can add the risk of additional fines for breaching important security regulations such as GDPR. 

Boardish will use all of the above data points and turn them into a financial figure that you can present as a percentage of revenue to help get IT budget approvals.

