You’d think every business that deals with customer information and data would have a security program in place by now. But that’s not the reality. There are trends and obstacles that seemingly stop businesses from setting up security measures to protect sensitive information.
The chart below from Cisco reports that from 2015 to 2017 the greatest obstacle was budget. So why is something as important as security left on the boardroom floor when budget cuts come around?
The chart also recognizes obstacles like compatibility issues with legacy systems and lack of trained personnel. In the past, we’ve covered the topic of training team members in cybersecurity best practices.
But we want to focus this article on the largest wall that businesses are facing when it comes to security: Money. Building a cybersecurity plan for your business costs money. Implementing your security plan is another bite from the budget. Paying for security awareness training and
We know that businesses, especially new businesses, are operating under reduced budgets and that IT isn’t always at the top of the list of “must-haves.” When things like advertising seem more vital, it’s easy to lose sight of the risk of not having a security program in place.
Look at the healthcare industry, for example. According to a report published by Black Book Research, IT spending remains stagnant while the volume of cyberattacks continues to increase. According to 88 percent of hospital representatives surveyed, IT security budgets have remained level since 2016. This is due in large part to the fact that hospitals find it hard to invest in something that will not produce revenue.
For this reason, it is important to have a person who is experienced in budgeting and risk management in the room when you’re discussing how much you can set aside for your information security program costs.
Who are the decision-makers?
The Chief Financial Officer (CFO) is more involved than ever in the decision-making process for cybersecurity budget allocation. This is because cybersecurity is no longer just a technological risk; it is a huge financial risk as well. A cyber attack can pose huge risks to the financial status of a company.
A CFO’s experience in mitigating risks qualifies them to be a key player in the decisions related to cybersecurity spending.
The IT team should also be a part of these conversations. Your CTO will have an understanding of the security requirements and be able to communicate those points to the CEO.
What can you do?
You should start by coming to the conclusion that some form of security is a necessity. The reward of having a security program in place outweighs the risk of not having one.
When budget talks come up, take the lead and lay out the risks that come with not having a cybersecurity program and then take the recommended next steps in making your company more secure.