Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    How to sell cybersecurity to your executive team

    bigstock--200243779.jpgScott Schlimmer wrote a great post at CSO about the constant battle between profitable business investments and “unprofitable” security investments to protect the current bottom-line.

    Despite the headlines, growth-oriented executives tend to prioritize other expenses. Here is an excerpt with a link to the post at the end.

    Despite repeated major, high-profile breaches, most cybersecurity teams still struggle to get sufficient funding. “After this hack, cybersecurity budgets are bound to increase.”  We’ve all thought it. But, curiously, it may not always happen.

    According to Russ Verbofsky, CIO and CISO at the New Mexico Department of Game and Fish, “You can pay me today or tomorrow. But tomorrow includes a press release describing that we weren’t proactive in protecting our data and systems.”

    The problem is not necessarily lack of funds. Another CISO from a medium to large US state commented, “From what I have seen the issue is not necessarily that the money is not there, typically the issue is that security almost always competes with other operational priorities.”

    So, what can a security professional do to get around this odd phenomenon and ensure the funding necessary to protect his or her company from becoming the next Equifax?

    1. Speak their language

    Cybersecurity experts have a habit of losing their audience and confusing them, often speaking too technically and with too many acronyms. If your board or executives doesn’t understand, they’re going to be more hesitant.

    2. Use metrics and visuals

    Focus on business-oriented metrics. How much monetary loss have your controls prevented? How many dollars are likely to be saved through the investment you’re asking for?

    Also, you need to speak in charts. Executives need simple visuals to show these things. Picture the cliché charts of profits going up. If you can’t do this in-house, then it’s vital that you outsource this. It will pay off later, with increased buy in and budget.

    3. Get outside verification

    Another Fortune 500 CISO put it best. “Frequently, management doesn’t believe the experts they hire. After failing an audit, then they start to believe.”

    Link to the full post with more detail. 

    Free Phishing Security Test

    A great way to convince C-level execs is with the Phish-prone percentage of your organization. 

    Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our new, improved free test. 

    Get Your Free PST Now

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    This was cross-posted from SecurityIntelligence

     

    Return To KnowBe4 Security Blog

    Topics: Cybersecurity

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews