How to Quantify Cyber Threats as a CISO in 2020

How to Quantify Cyber Threats as a CISO in 2020

The recently released Internet Organised Crime Threat Assessment (IOCTA) for 2019 by Europol shows that the threat landscape has matured, and key threats have grown in persistence and tenacity. 

The report confirms that destructive ransomware threat remains high. Phishing, spear-phishing, and vulnerable remote desktop protocols have been identified as the primary infection vectors. 

Such a threat landscape requires continuous efforts in the identification of main cyber threats to the organization and how much damage they can do. 

CISOs need to be prepared for 2020 and coordinate their security efforts with the board and their company goals. 

Communicating cyber threats in the board’s language—exact figures and business impact—requires a way to quantify these threats. 

To quantify these cyber threats, CISOs require greater access to the organization’s key financial data and other indicators.   

#1 Identifying the biggest threats and their financial impact on the company 

Identification of the largest cyber threats seems to be the biggest hurdle in presenting cyber risk and exposure, mainly due to the fragmentation of digital solutions in organizations.

According to Deloitte’s Future of Cyber Survey, 41% of CISOs state that Shadow IT presents the most challenging aspect of cybersecurity management in the organization, followed closely by  37% of CISO stating cyber transformation presents a large challenge.

Shadow IT makes it challenging to quantify cyber risk, as there is no overview of all systems. This makes it next to impossible to get a good snapshot of organizational cyber maturity or security posture. 

When the departments integrate digital solutions on their own, there is no alignment of IT with critical business goals. 

How does it relate to quantifying cyber threats? 

The board requires a good overview of the maximum potential threat so they can make the right risk assessments. Getting ShadowIT under control is the primary objective to be able to deliver such assessments. 

Simply saying the largest cyber risk (such as data leakage or breach) will cost the company millions, destroy it, or have far-reaching consequences is not enough anymore. 

How much would the cyber incident cost if left as is? 

How much would your solution cost? 

How much exposure would remain after implementing the solution? 

Would your solution be a sound decision, from a financial standpoint?

Speak in actual numbers that affect the company, not industry averages.

 

#2 Getting access to the company turnover figures

Back in the day, CTOs and sysadmins, as they were called in smaller companies, had nothing to do with turnover figures or any type of financial statements outside of the realm of IT. Times have changed, and nowadays, cybersecurity is an integral part of every company. 

With digital systems running in every department, the CISO requires a full overview of each of them to devise a data and information security strategy that will minimise risk and make the organisation more resilient to threats. 

How does it relate to quantifying cyber threats? 

Nowadays, CISOs must have access to company turnover figures in order to be able to quantify risk in terms that the board will understand. If the board wants to talk about cyber threat risk figures, you must show them how cyber threats will affect the organisation’s turnover. 

The profit/loss reports would give better insight, but these are impossible to get if you’re not in a directorial position. Instead, focus on getting company turnover numbers to build your case.

 

#3 Presenting the impact of technology issues on employees 

To get a clearer picture of how a cybersecurity incident will affect employees, it’s best to separate users as high, medium, and low impact. 

Technology issues won’t affect all users in the company in the same manner. 

Some will experience only mild inconveniences but be able to continue working. 

Some won’t be affected at all.

Some, however, won’t be able to do a single thing until the issue is resolved. 

How does this relate to quantifying cyber threats? 

Quantifying the impact of cyber risk depends heavily on how your operations will take a blow. When you have a clear picture of how dependent your users are on technology, you will be able to calculate the impact. 

If users can’t do their job at all—high impact users—it means their operations are standing still, which makes the risk and its cost greater. 

If users aren’t that affected, the cost will be lower too.

 

#4 Presenting the financial impact of “downtime” on the company’s salaries 

The amount of high, medium, and low impact users determines more than just the extent of the impact. It also shows how much downtime will cost in terms of salaries—how much it will cost the organization that these employees won’t be able to work. 

How does this relate to quantifying cyber threats? 

Even if employees can’t work because of the security incident that needs to be resolved, they will still get their salary for the day. How much will this add to the total cost of the security incident? 

You don’t need exact figures for every possible employee you hire, of course, but having an idea of salary averages will help you determine this cost. 

To get some idea on salary figures, ask the CFO or somebody in the financial department. You might even want to use external resources that can give you averages, such as Glassdoor.

 

#5 Determining the financial impact of “downtime” on the company’s sales 

Most of the time, cybersecurity incidents have the greatest impact on company sales, since the sales processes are heavily dependent on technology. Your e-commerce stores won’t bring you any sales if the servers are under attack or if payment processing is down. 

How does this relate to quantifying cyber threats? 

While sales aren’t your responsibility, the impact of cyber threats on sales falls within your role. CISOs have the responsibility to communicate the impact of cyber threats on sales and present the costs of worst-case scenarios. 

How many turnover days will the company lose in case of threat X? 

Within each turnover days, what percentage of sales will go down the drain? 

What is the chance of losing market positioning in case of threat X?

To provide relevant numbers, you must include the Sales team, and any other team related to sales to give you the required information on how market positioning and sales will be affected in worst-case scenarios.

 

What is the financial impact of IT regulations? 

Information and data are top targets of cyberattacks, and all companies are under strict regulations on how to protect it, no matter what industry you are in. 

Take GDPR as an example—the data protection act lists extremely high fines for companies that do not take necessary measures when it comes to personally identifiable information (PII). 

How does this relate to quantifying cyber threats? 

CISOs must quantify the impact of all regulations pertaining to the company in case of worst-case scenarios. The GDPR, for example, has extremely high fines. Depending on which is greater, the company might face fines of 20 million euros or 4% of its annual revenue in case of a data breach and must be included into the potential financial impact of cyber threats. 

Most companies won’t stand a chance of recovery from such high fines.

 

What is the efficiency of my solutions against the biggest cyber threats? 

After presenting cyber threats that are most likely to affect the company, CISOs must also present the solution. To sell the solution, you must quantify them too—their immediate and annual costs, in comparison to the costs of the threat they are solving. 

In addition, there is also the efficiency factor of the solution—how much of the risk will it mitigate, and how much exposure would remain? 

The efficiency of the solution depends on the threat type and environment. Is it prem? Is it in the cloud? 

There are very few scenarios where a cyber solution will have 100% efficiency so decision-makers need to see the exposure left and weigh up the risk factor themselves. 

How does this relate to quantifying cyber threats? 

The reason why CISOs must quantify cyber threats is to put the costs in perspective when compared to the costs of efficient solutions. 

Solution efficiency and cost help them justify investments that will improve the company’s resilience and overall security posture. 

It is likely that CISOs will have more than one solution to mitigating the biggest threats, with each of them having different efficiency depending on the environment. 

Showing the summed up costs of solutions versus the cost of a security incident without solutions will help the board understand just how much a security incident can set the company back.

 

Conclusion: 

For 2020, CISOs must answer critical business questions clearly and speak in exact figures. They must quantify cyber threats and present solutions in terms of how they help maintain critical business strategy and operations. 

With Boardish – boardish.io – CISOs will have access to a tool that helps them quantify cyber threats quickly, without having to deploy anything on-premise or grant access to their systems. 

CISOs must work together with all departments and get all relevant information to present real threats in real numbers. 

Boardish can help them create a snapshot of their company and help them run scenarios of different threats and their financial and market impact. 

Let 2020 be the year of real numbers!

Quantify Cyber Threats & Solutions

And get your IT budget approved quicker!

Are Soft Skills Becoming More Important Than Tech For IT & Cyber Pros?

Are Soft Skills Becoming More Important Than Tech For IT & Cyber Pros?

Soft Skills for IT

It wasn’t that long ago that IT professionals were hired for their IT knowledge and specialisation. The so-called hard skills they learned through education, training, certification, and on-the-job experience were all that was important. 

Now we see a shift in what organisations are expecting from cyber professionals in particular. The most prevalent trend for new IT roles is a large emphasis that’s placed on soft skills. 

The Shift Towards Soft Skills

The inclusion of soft skills to the list of wanted skills for IT and cybersecurity roles shows that the field is maturing. 

The West Monroe Partners study “Closing the Technology Leadership Gap” reveals that 98 per cent of HR leaders confirmed they place high importance on soft skills for getting a technology position, and a staggering 67 per cent didn’t offer a job to a candidate with all hard skills because of lack of soft skills: 

Soft skills are an integral part of the individual’s personality. They determine how an individual will respond to pressure and different circumstances in the workplace, how they will adapt to changes and interact with others. 

This shift in requirements is partly due to changes happening to the role of IT and cyber professionals within organisations now—they aren’t an isolated unit that just keeps things running. 

They are becoming an integral part of the C-suite, with CIO, CSO, CISO, CTO, CDO roles helping IT contribute to business success. 

Recently, IT and cyber pros are in more and more contact with the board or key decision-makers. They must have a proactive approach, and they must ensure that IT is in sync with the organisation’s long-term goals. 

Most important of all, they must be able to develop strategies that will help achieve such goals and have the means to explain these strategies and complex subjects from their field to stakeholders who do NOT possess hard IT skills and won’t understand the technical focus that will make it possible. 

The Soft Skills Gap Is Driving the IT Talent Gap

And while there are cybersecurity and IT talent shortages across the globe, organisations are demanding that IT and cyber pros have a good set of soft skills,  and opting to leave the role vacant for longer if necessary.  

Their reasoning? It’s easier to teach hard skills than soft skills. 

While this might be true, teaching soft skills will yield good ROI as well, as was demonstrated at MIT. It will take a while for organisations to offer professional development in soft skills, so IT and cyber pros might want to focus on developing these on their own. Doing so means being able to command a much higher salary and benefits. 

What Soft Skills Are the Most Important? 

Whenever an IT or cyber pro can’t use their vast knowledge and experience to get an approval for new solutions or strategies, a soft skills gap might be the culprit for it—communication skills, in that particular case. 

In the digital era, IT and cyber pros have become a go-to source to help with crucial business decisions. By using the right tools and language, IT and cyber specialists can make the board understand the impact of new IT and cybersecurity developments in a way that matters most—the financial impact on the company bottom line. 

IT pros who are well-versed in soft skills and know their way around business terms will have an easier time presenting their findings in front of the board. The most important soft skills for the IT field will be: 

  • Communication and negotiation skills – The ability to effectively communicate and explain your findings, risks, solutions, and strategies to the board and other stakeholders.
  • Presentation skills – Oftentimes, IT pros will find themselves in a position where they must present their findings to those who don’t have a technical background or leading a course on cybersecurity threats and new IT solutions to in-house staff. Knowing how to shape the presentation will decide whether the subject is clearly understood or not. 
  • Adaptability and problem-solving skills – The IT and cyber landscape is in a state of constant change, with new issues and threats being revealed each day. A professional with  well-developed creative thinking skills will have an easier time troubleshooting and solving IT and cyber issues, and have no issues with being an early adopter of new tech solutions. 
  • Teamwork and conflict resolution – IT and cybersecurity professionals now work side by side with other departments, so being a good team player who knows how to defuse tense situations when working towards a common business goal takes priority over being a solo player focused on their own success. 

What soft skills play the most important role depends on the IT role within the company. 

  • Managerial positions require communicating changes, leading meetings, make presentations, and explain problems and issues. 
  • Leadership roles require communication, active listening and analytical skills, translating technical requirements to terms that are understood by all, breaking down complex concepts, and documenting issues and actions. 

The biggest issue with soft skills is that it’s hard to teach and learn them, but it is not an impossible task. 

Developing Soft Skills as an IT and Cybersecurity Professional

The only way to get better at soft skills is to practice using them. The first thing you must do is to identify areas that you struggle with. Everyone has their strengths and weaknesses, so find out what yours are and then improve. 

Here are a few tips on improving your soft skills: 

  • Ask for feedback – Sometimes, self-assessment is not enough, so ask for feedback to become aware of areas you might have to work with. 
  • Learn from those with good soft skills – When you identify the skill you are lacking, don’t hesitate to take pointers from those who are good with a specific skill. If your colleague is great with explaining complex subjects, ask them to become your coach.
  • Do not shy away from challenges – Be proactive in getting a lead position on tasks and projects, as this helps you hone your interpersonal skills, especially communication, management, and conflict resolution.

Stay Ahead

Most important of all, always be willing to continue learning and improving your skills. The IT and cybersecurity landscape is changing rapidly and will continue to do so. So professionals in the industry need to keep up. 

Cyber and IT pros must be willing to update their knowledge and share their insights and strategies with everybody else in the company and work on improving their soft skills to make communication and presentation efficient and easy to understand.

Align with the board

Explain why/how your solutions work, to a non-techy audience. 

Why Are IT Budgets Hard to Get Approved (and How to Make It Easier)?

Why Are IT Budgets Hard to Get Approved? (and How to Make It Easier)

Why Are IT Budgets Hard to Get Approved

As the time to get the IT budget drawn up nears, it can be stressful to think of ways to get it approved. Many organistions are not prioritising IT and this can make approvals harder and harder. But why is this? 

Recent statistics show that IT budgets are growing steadily, yet the allocation of those budgets is still heavily in favor of operational tasks. As a result, little is left for innovation, change, and protecting against risk. This poses a real issue, as companies that keep the status quo in their IT often get left behind their competition and fall victim to the ever advancing cyber crime.

But the C-suite may not understand this. 

So why are IT budget Approvals such an issue?

There seems to be a gap between what the board has in mind for IT and what IT professionals feel is needed. These issues most often boil down to having vastly different priorities and not seeing eye to eye. There are several reasons why it comes to that: 

1. IT is seen as a drain 

The biggest problem with IT budgets and the whole approval process is that they are seen as an unnecessary drain on the budget. When the board can’t seem to understand just what you are doing with the budget, it’s hard to justify it at all.  

2. The board doesn’t know that IT contributes to revenue

There is rarely a direct correlation between IT budget and sales (i.e., revenue generation), and return on investment isn’t as apparent as with other departments. As an IT pro, it’s your job to shed light on that correlation. 

Basically, the questions you want to answer are: 

  • How are you improving customer experience? 
  • How is IT helping with more sales? 
  • Will your IT plans improve production?
  • How are you improving efficiency? 
  • How are you reducing business risks?

3. It’s difficult to present hard numbers

Another reason why it’s hard is because the very nature of the work you do is hard to quantify: How can you put numbers of the skills and expertise you have in your IT department? How does that translate into a figure that the board will understand? Can you quantify risk reduction or potential risk impact? How can you justify everyone’s role in the department?  

4. There are issues in communication between IT and the board

Failure in communication is another reason why budgets seem to be stuck. When you don’t speak the board’s language, you will always experience a disconnect when you talk to board members. 

They will talk analysis and business risk. On the other hand, you will talk about new technology, specifications, and why it’s better than what you already have. This causes a miscommunication and means getting approvals is a much longer process. 

5. Budgets are seen as operational only

Another issue with approval is that budgets are often predetermined. This most often happens when the board is viewing IT as a strictly operational asset – one that is there just to keep things working instead of making it possible to improve business, increase revenue, and reduce risk. 

6. Board response is slow

The environment nowadays is changing much faster, with many companies needing to adopt lean and agile methods to keep up. And IT seems to be left behind. The board is often set in its ways and just keeps IT budgets the same, although some of the technology might already have reached the end of its life cycle.

So how can you make the approval process easier?

You might feel it’s frustrating to deal with so many hurdles, that there is no way around it .The most important thing to remember, however, is that the IT department is a crucial factor in any business. This is especially true nowadays when all businesses are so reliant on technology and the ability to protect it.

Therefore, the IT department’s role is supporting business operations and growth. One way to do this is to adapt your IT budget pitching so it gets approved. Here’s a few pointers on how to make the approval easier: 

1. The IT goals should align with business goals. 

While it might be more natural to talk about technology, tech talk will often fall on deaf ears when you’re speaking in front of the board. Cybersecurity issues will stay poorly defined threats until you can present some real numbers. 

So instead of simply saying that operations will be safer, talk about risk and gain – how you reduce risk, how the new tech helps in that, and what the business will gain from new tech – in terms of revenue or savings. 

2. Skip sheets, use visuals when pitching the IT budget

Use tools that will let you present your data in a way the board will understand. While many IT pros will stick to presenting a sheet with numbers only, these rarely help as it’s hard to visualise the actual impact. 

The better option here is to help the board visualise the possible gains. You can use tools that will generate the most important insights as soon as you input all the data and help you prepare charts and visuals that are easy to read and remember. 

3. Run possible scenarios 

A great way to get the board’s support and attention is the use of your organisation’s real data to present possible future risks. 

Instead of just saying there’s a possibility of a data breach, show instead how likely it is to experience a breach and how long it would take to detect it. 

Then, present a solution for the breach threat and show the new numbers – how much more unlikely it will become, how much faster you can detect it, and how much less of an impact it will have on revenue. 

There are already free tools like Boardish out there that help IT professionals run actual scenarios in front of the board and adjust them at any time, so the board sees the impact of proposed IT changes right then and there.

4. Give them something tangible 

The board will often disagree on your IT proposal if you want to implement new tools and software, especially if it’s a big and expensive project like moving to the cloud. 

Instead of staying focused on the cost of implementation, you should present them with the cost of NOT implementing such systems. 

For example, the cost of keeping your on-premise equipment vs. the cost of moving everything to the cloud. With on-premise systems, there is a much higher risk of breakdowns and downtime than with cloud systems and with cloud you get greater flexibility. 

In this scenario, you could explore the need to manually upgrade your on-premise systems, working on implementing redundancy solutions and the cost of overhead and utilities that come with on-premise systems. Then, you can compare all of that maintenance cost with the cost of moving to the cloud and ongoing costs of using a cloud-based system. This way, the board will see that in the long-run, moving to the cloud will save them a lot of money. 

5. Be transparent 

Avoid presenting your solutions as the perfect way to solve the issue! The market shifts happen frequently, and so do shifts in the cybersecurity and technology sector. With new technology and threats, you might have to adjust your solution, so make sure the board understands the need to be agile. 

GDPR, for example, disrupted the security sector to the very core, with many businesses risking fines because they just weren’t ready for such a shift. Adjusting all operations to new regulatory requirements demands that you have enough leeway in your IT budget to react to such changes on time. 

Conclusion

Remember that no matter how good you are as an IT professional, the board of directors are the ones who make the final decisions. Making sure you’re seeing eye to eye with them is crucial in getting your IT budget approved. 

So make sure you use all the tools in your arsenal to show them clear visuals. This way, you can present scenarios on how your projects help keep the company safe from threats, reduce risk, and increase efficiency. Most importantly, let them see that IT helps generate more revenue and protect against risk. 

Improve Business Reactivity

When technology meets ‘bottom line’, There’s Boardish.

10 Pro Tips for Pitching Your IT Budget

10 Pro Tips for Pitching Your IT Budget

10 Pro Tips for Pitching Your IT Budget​

The success rate of pitching your IT budget depends on how well you prepare for the pitch. You might have lots of new projects you wish to pursue, but what happens if you don’t get approval? 

The following 10 tips will help you secure a successful pitch.

1. Determine Board Expectations

The board’s budget expectations are a crucial factor that determines whether you’ll get what you’re asking for or not. 

Those expectations depend on current company earnings (good earnings equal budget increases, while a slow year might mean cutbacks), overall economic climate, and the importance of your department within the company. 

But most importantly it’s understanding what the board expects for the budget. How does the board want IT to facilitate business needs? Understand these expectations and you’re likely to formulate a budget that’s more successful.

2. Gather C-Suite Intel

The corporate level is your go-to source of relevant budget information before pitching your IT budget

Corporate executives will have already set up a general budget for the upcoming period and you can use this as a guideline. It will tell you whether you can request an increase, if it’s better to wait and allow you to test the waters. 

3. Align IT Priorities with Business Priorities

A dialogue with c-suite executives will also shed light on current business priorities – what’s the most crucial goal to accomplish – and you can tune the budget towards achieving that goal. 

You’ll have a much easier time pitching your IT budget if your priorities are aligned with the overall business priorities. 

Make it clear that your IT spending is in service of achieving long-term business goals.

4. Have a Strategy for Every Amount

If you’re looking for a 15% increase when pitching your IT budget, you can’t expect to get it approved if you don’t have a plan/strategy on what you will do with that budget. As much as you’d like a ‘buffer’ in your budget, be prepared to quantify where every amount goes, the board shouldn’t have to guess whether you will utilise these 15% in a good or bad way. 

5. Treat the Budget Like Your Own Funds

Many professionals, not just IT managers, seem to have an easy time spending company money without a second thought. It’s not yours anyway, right? 

This is the worst possible stance on it! You have to treat your budget exactly as if it were your own money and show responsibility. 

Instead of just asking for more because you didn’t have enough in the last quarter, look for alternative approaches is there a way to stretch the current budget so it will be enough? What are some areas where you can save?

6. No Need to Spend Everything

Are you spending every penny in your budget even if you don’t have to? Do you fear you will get less next time if the board sees that you can do well with less? 

Fear of cuts doesn’t justify spending everything just for the sake of it. Show the board that you know what you’re doing with the money you have and are working hard to save wherever possible. 

That way, when you ask for more, you’ll have developed more of an authority to justify it. 

7. Gather Team Input

Your IT team will have firsthand experience on what they are spending on most, as well as why. Is there a particular department that constantly needs new hardware, or perhaps you’ve recently implemented an upgrade which is why you’ve spent more of your budget this year. Get information directly from the source and ask them about hardware, software, training, and what they think should have the highest priority and why.

8. Check Company-Wide

Conduct interviews and surveys, and invite the staff to offer suggestions and observations they had during different tasks and projects. Did they have a hard time accessing data because your data centres are not consolidated? Or perhaps they had issues with outdated software? 

You will have to make difficult choices when determining priorities, but this way you’ll have a much better overview of what to address first. 

9. Have a Backup Plan

You might not get approval for everything you requested, so before pitching your IT budget, determine what you can go without. Will you cut on everything ongoing and project expenses or will you cross off a project or two off the list?  

10. Be Ready to Scale Down

Unforeseen circumstances can strike a business at any time, so make sure to have a plan in place in case you’re asked to reduce spending mid-year because of lower earnings or business specific issues.

Pitching your IT budget

Pitching your IT budget is the easy part, it’s the preparation before pitching that you should focus on. When you have data from all relevant sources the board, your team, and company standings you’ll have an easier time aligning your budget with company needs and getting approval. 

Improve Business Reactivity

When technology meets ‘bottom line’, There’s Boardish.

IT Project Proposal Essentials For Your Next Board Meeting

IT Project Proposal Essentials For Your Next Board Meeting

IT Project Proposal Essentials

There are IT project proposal essentials that you need if you want to be successful and get your IT budget approved. The best proposals have a detailed layout that answers all questions and pain points the board might have, in a language that they understand.

The main reason why IT project proposals, in general, fail is a lack of understanding on both sides. There is often a wide gap in communication between the board members and the IT team.

We can be led astray by assuming that the people we are presenting our proposal to share the same agenda, values, and needs, and this can’t be further away from the truth.

Your board members are not part of your IT team, and they will not have knowledge of the latest risks, threats, and developments. This is something that you have to lay out in your project proposal.

Here are the IT project proposal essentials that you should include:

Summary

Give them the most basic information at a quick glance. This should include the project name, purpose, and the key points you want to get across. People have a tendency to skim read and the summary is the first place they’ll look. Keep it brief, but give them the best bits.

Organisational Fit And Compliance

Make sure to explain how your solution fits in with the organisation’s strategy and long-term goals, and list all compliance requirements it should adhere to. Of course, you also want to provide proof that it is compliant with business and industry standards.

Then discuss the goals of your IT project, and define your objectives clearly. What do you expect from the project, what kind of outcome? What deliverables can they expect? Who will be the beneficiaries? Don’t just stick to the IT department, talk about it as an organisational whole. What are you trying to achieve for the business, and how does this tie in with their own business goals?

Costs & Benefits

Without tangible benefits, your proposal won’t be approved. You need to quantify the risks and the solutions of what you’re proposing and not only the benefits but what would happen if they don’t go for your approval. Present industry statistics here; for example:

How much business has improved for others who implemented the solution?
What kind of value does your proposal provide?
How does it affect current operations? Will the company be able to increase revenue? Does your solution provide cost savings?
What is the cost of missing out?
Remember that it’s likely that your resources are limited, so you will have to present a very solid case on why money should be spent on your IT solutions over other parts of the business. Any numerical data you mention here should be easy to understand. List your proposed budget, cost of implementation, and any ongoing costs. If your solution requires addition IT staff, know how to justify the costs that come with it.

Key Tip: Being transparent builds a good relationship with the board. They don’t like to approve projects to find out they actually cost a lot more in reality! Get really specific and detailed with costs, making sure they are accurate!

Disruption

One of the key IT proposal essentials that managers tend to forget is discussing the business impact during implementation. Is there going to be any downtime during implementation? For example: 

  • If you’re implementing new IT security solutions, will you have to install some new software on each workstation?
  • Is there going to be any type of setup involved once install is finished? How long will it take?
  • Will the business have to be offline at any point and therefore unable to take payments?
  • Are you planning to work on a weekend to avoid disruption but this has increased costs?
 

Risk

Never, ever sugar coat your proposal! If there are risks with your proposed solution, make sure you identify them, list them, and detail how to manage and mitigate them. It’s not a bad idea to have a documented escalation path in case something goes wrong, as well as solutions like project monitoring and progress reporting to keep track of the project implementation. Things rarely go smoothly so this covers all bases, just in case, and shows the board you’re looking at the project as a whole, rather than isolating into your department.

Time Scale

Present the time table for the project, including start and end dates, project phases, and milestones to reach. Never list ideal circumstances. Give your project ample time for each phase, because things never work out ideally, no matter how well you prepare everything.

Assessment

Finally, provide evidence that your solution is the best course of action. Give a good overview of the current system (or lack of) and explain why you should move away from it. Include some alternative solutions too, and explain why they are not such a good fit. Some board members might ask why change anything in the first place, so make sure you explain why doing nothing is a bad course of action (for example, competitors are never idle, IT systems continually evolve, etc.).

Visualisations

Meetings can be boring and graphs, charts, and diagrams can provide an excellent break and showcase what you want to get across instantly! Check out Boardish to see how it quantifies all of the data you need for your proposal, as well as sharing some interesting visuals you can use in your IT project proposal.

Just remember, before you start drafting your IT project proposal, always double check that you have all the IT project proposal essentials written down and then you’ll be ready for anything.

Improve Business Reactivity

When technology meets ‘bottom line’, There’s Boardish.

5 Tools in a CTO’s Arsenal for Making Tech Proposals

5 Tools In A CTO’s Arsenal For Making Tech Proposals

5 Tools in a CTO’s Arsenal for Making Tech Proposals
When preparing your tech proposal, there are many hurdles to overcome – first and foremost, you need to align it with long-term organisational goals, but this is only the beginning. In order to truly ace the proposal in front of the board, you will need a good selection of tools for making tech proposals to help you prepare.

#1 PowerPoint

It goes without saying that PowerPoint is the go-to tool when you’re making a tech proposal.  It helps you emphasis what you’re presenting, can make your proposal more engaging and offers a delivery method that is pleasing to the eye. Just remember to keep information concise! There’s no point in you just reading off of a slide so keep it brief and make your speech go hand in hand. 

Some pointers on how to design your PowerPoint presentation include the following: 

  • Your first slide is the one that should grab their attention, so be direct and simply list all the topics you will cover. Avoid any specifics here.
  • After that, discuss the risks the business are currently facing, as well as the potential impact they might see. 
  • Then discuss possible solutions you’re proposing and how your tech solutions will contribute to business optimisation, execution, and efficiency.  
  • The closing slide should always be strong, summarise the most important points, and be clear about your requests. 

Statistics are the key here! The board and senior staff members are interested in the numbers! They want you to justify and quantify what you’re saying.  

 

#2 Canva

Compelling graphics help you emphasise key points and help the board members remember key data and statistics. 

Canva is a great beginner graphics tool that can help you. It’s very simple to use, with tons of templates to get you started. There are free templates to choose from, or you can create your own designs from scratch too. Plus, they have PowerPoint-ready formats you can adapt to save you even more time. 
 

#3 Boardish

Boardish is a uniquely equipped platform that helps you to quantify risks and solutions using visualisations and calculations that the board can relate to. You can use these visualisations in your presentation to demonstrate how specific factors will affect the organisation. It means the board will have an easier time grasping the actual impact of your proposal when you present some hands-on evidence, and they will see clearly how doing nothing or not implementing specific security options will affect them in the long term.

#4 Prezi

For those who want a fully dynamic presentation, this tool for making tech proposals is the next step up from PowerPoint. Instead of making your proposal a one-sided and linear experience, Prezi makes your proposal highly interactive.

There are no slides, just a single large canvas where all the other elements are located. Going from one point to another doesn’t involve going from slide to slide, but from one element to another. You can zoom in, reveal, or jump between elements to achieve a dynamic look.

The only downside is that you have to pay for this particular solution because all presentations are public by default in the free version of Prezi.

#5 Collaboration Tools

Whether it’s PowerPoint Online or Google Slides, being able to collaborate on your presentation with the rest of your IT team or switching devices while preparing your presentation will save you time and resources. If you will be the only one working on the presentation, you can opt for cloud storage options instead of collaborative software solutions to make it simple to work on from anywhere.

A well-prepared tech proposal will be much more than just a well laid out reasoning on why certain IT or cyber security upgrades are needed. It will have captivating visuals, a good narrative, and the right data and statistics too.

Improve Business Reactivity

When technology meets ‘bottom line’, There’s Boardish.