How to sell Cyber Security to your Management Team

For any business, there is a fine line between investing in growth strategies and protecting existing assets.

Despite the latest ransomware attacks such as Bad Rabbit grabbing headlines across the globe, many executives tend to prioritise other expenses and view cybersec services and solutions as unprofitable. The ‘it’ll never happen to us’ or ‘we will deal with it if it does’ school of thought still presides over many boardrooms. IT Managers (or those responsible for data management) often have a real job on their hands to get their management executives to take heed and invest in adequate precautions to protect their business.

The consequences of not paying attention to cyber security are far-reaching. Obviously, money is the main one, with hackers demanding costly ransoms to release data and unlock networks. But the damage to reputation can be even more costly. Even smaller companies can make the news. With GDPR legislation coming next year, the penalties that businesses of all sizes will face if they do not have measures in place to protect their data are significant.

Often a lack of funds is not the issue; rather, cyber security has to compete with other areas requiring funding, some of which, like marketing and sales, are directly connected to delivering business.

So how do you sell Cyber Security internally in your organisation?

Speak their language

Executives need to be aware to care, but you need to speak their language. Don’t blindside them with jargon and tech talk. Remember that they care about their business, about mission-critical operations and profit, so explain how cyber-attacks threaten those goals.

Meaningful Metrics

Do some research and show how it is costlier to recover from a cyber-attack than to invest in preventative measures. Add to this the cost of recovering market trust and rebuilding a brand image. Use any compliance issues that may affect your industry, whether specifically or broadly. GDPR will be enforced across industry. Central Bank directives will affect financial services.

Introduce a Framework

Explain that the practical approach is to introduce a framework that focuses on prevention, detection and response. This will help executives understand that all aspects are covered and risks are kept to a minimum.

Be Direct

Don’t go easy! Be clear on the risks and how serious they are. Let the management know what could happen if your company is exposed to a cyber-attack, and that the threat is becoming more widespread and is no longer confined to companies of a particular size. Small or large, every company is at risk.

Staff Training

Most hackers gain access through a phishing email sent to staff, and they are getting more and more clever at making such emails look legitimate. Successful cyber risk management involves training staff in what to watch out for to minimise the likelihood of a breach.

IoT means more challenges

Most executives want to be seen to be moving with the times and introducing new methods of working that enable their workforce to be more productive. As time goes by, more and more workforces are being mobile-enabled, meaning more devices (smartphones, tablets, handheld scanners) are connecting to the company’s network from lots of different locations: satellite offices, warehouses, people’s homes, cafes. This introduces more risk, as hackers can exploit these devices and use them as gateways to the network. If your board of management is pushing your organisation to be more internet-enabled, you need to alert them to the security risks and use this to reinforce the need for greater IT Security.

Making it Cost Effective

Effective cyber security management involves a multi-layer approach and specific expertise. It is a rapidly evolving area. Outsourcing to a Cyber Security Managed Services Provider can bring the knowledge, the tools and solutions, plus the ongoing maintenance of them, to a company within its budget. It is a difficult task for IT Managers or Data Professionals to stay on top of risks and solutions and ensure patches are applied regularly while also managing their daily workload. A trusted MSSP can deliver huge peace of mind to the board or management team that their networks, devices and data are protected and, in the event that a breach occurs, are quickly recoverable without having to pay a hacker!

