Convincing busy executives and boards that your organization’s cyber security risk is worthy of attention is the challenging task of many IT professionals.
Business leaders are faced with a variety of important issues every day, constantly balancing the appropriate action with available and often-limited funding. So how do you ensure that your voice is heard and the necessary budget is allocated to manage cyber risks to your organization?
Hopefully, you’ve made headway in achieving change and transformation in your organization’s cyber security. Congratulations! Now you need to keep the momentum going.
At dig8ital, we help companies around the globe manage their cyber security risk. Here are some tips to help you prepare for these conversations to influence your organization’s decision makers on why cyber security is important:
1. BE PREPARED
Find articles and case studies of real-life cyber attacks and the consequences. Even better if they are examples within your industry.
While attacks on large-scale corporate, healthcare and governmental organizations make regular headlines across the globe, the reality is no business is immune. And the threat can come from anywhere, even within your business.
Learning how breaches occurred within other companies, and how they responded, is a powerful way to demonstrate to your executives the importance of having a sound cyber security strategy.
2. KNOW YOUR AUDIENCE
Put yourself in your CEO’s shoes to figure out what cyber security threats keep them up at night.
Is it protecting confidential customer information? Or is it your organization’s valuable intellectual property? Knowing this is critical, and will help you identify which areas of the business to focus on when building cyber resilience and digital protection.
3. test a ‘what would happen if…’ scenario
When it comes to delivering on the plan, you’ll hear noise, that’s almost inevitable. For example ‘it’s too much work!’ or ‘I don’t have time for this!’. But this noise is important, it’s an indication that you’re on the right track – because when real change happens, it’s uncomfortable for people.
Is your business prepared to manage a cyber attack? Do you have a process that could be followed in the event of a breach?
A crisis management simulation is an exercise you can carry out to reveal how prepared your organization is (or isn’t) for a cyber attack.
Take an industry example you found in Step 1, plan and play out your own response to a similar breach with key people within your organization.
Following the exercise, take time to debrief and evaluate what went well, what went wrong, and what needs to be done should a similar scenario take place in the future, in reality!
“No one wants their business name in the news headlines for a major cyber attack. You need to be ready now – and to convince the leadership team it’s a top priority.”
— Alexandre Medarov, dig8ital Founder and CISO
4. Listen
Don’t hide in a bubble. Instead, make sure you are paying attention to where your organization is going.
If your company is in the middle of a merger or takeover, for example, there’s going to be cash available to ensure the integration or sale is successful. This could be a good time to ask for budget. This is also a period of increased risk, and cyber security should be highlighted.
Keeping your eyes and ears open to the company strategy and direction will enable you to understand where you can leverage cyber security, and what language to use to succeed.
5. Seek out sponsors
Make it your mission to find senior leaders to help you present your case and support you. Having these people vouching for you adds weight to your cause, and builds your credibility.
Working with reputable cyber security professionals is another way you can further grow your credibility. They have a wealth of experience helping businesses successfully undertake digital transformations, and their input and guidance would arm you with an added level of knowledge, support and expertise.
6. Don’t rush it
You have a seat the table but who are you? If you’re new to an organization, had a promotion or are not particularly senior, people may not yet trust you. So it’s up to you to build it.
Building trust and credibility so senior leaders will listen to you takes time. They probably won’t agree to big changes or expenditure immediately.
You will set yourself up for success if you start small, are well prepared and understand your audience.