Bytes Cyber Journal: Entry 6 - Cyber in the Boardroom
Friday 24th May 2024
Cyber in the Boardroom
Budget creation, brand protection, & creating opportunity.
For many years now, cyber security has been high on the agenda with the C-level and board of organisations across the globe. And yet, many still find it difficult to get an appropriate amount of resource (be it time, head count, or budget) allocated to tackling the rising and complicated issue of cyber threats. In this blog, we will be exploring how we can elevate the cyber conversation in the boardroom to encompass creative ways of aligning budget, protecting and enhancing your organisation’s brand, and creating new opportunities to gain competitive advantage in your market.
The Challenge
Money makes the world go round, or so they say. And there never seems to be enough of it… we must pick and choose what we’re spending our money on, and your organisation is no exception. On average, organisations spend just 10% of their IT budget on cyber security. The problem that cyber security has always had is that it gets tarnished with the view that it is there as a preventative, to stop bad things happening to our businesses. The issue with considering cyber security as an insurance policy is that it then appears to bring about little or no tangible return on investment, making it difficult to prove its worth and secure future budget.
The implications of this hurdle are frustrating at best and at worst, devastating. Without securing budget and senior-level sponsorship, the organisation is unable to mature their security posture, unable to confidently embark on the journey of digital transformation, and inevitably paints themself as a target to threat actors whose methods are only getting more sophisticated.
What To Do Next
Fortunately, there are several ways in which to engage with the various stakeholders you will need to win over to get cyber security higher on the agenda for your organisation. For example, when looking to take a broad approach to prioritise a variety of cyber security projects, a benchmarking exercise can be a great place to start. I will use CIS (Centre for Internet Security) as a prime example of a framework that your organisation can be assessed against.
By mapping your organisations current capabilities and resources against a wide-reaching framework in a CIS Gap Analysis, you can simply highlight areas of strength and weakness in a way that will resonate with any C-level executive.
When it is time to discuss budget allocation, this is when you can get creative! Firstly, let’s consider everyone’s favourite technology buzz word: consolidation. A common theme among a large majority of security vendors now is ‘The Platform Approach’. Niche vendors tackling point problems with point solutions are no longer the flavour of the month. Vendors have caught on to the idea of making themselves stickier with their clients by tackling multiple business challenges. This represents an opportunity for businesses looking to consume these products, as it gives you the freedom to manage less solutions to cover the same number of bases. Better yet, when we view cyber security even more holistically (which the CIS Gap Analysis will help with, by the way), we can start to think about consolidation through the lens of integration. Technologies communicating with each other (usually via APIs) to enhance one another, making the collective cyber security investments more than the sum of their parts.
Lastly, another consideration when you’re looking to get cyber security spend approved: leverage marketplace investment.
The amount of investment organisations are looking to commit to cloud marketplaces is set to skyrocket over the next 2 years, estimated to reach $50 billion by the end of 2025.
This is a great way to strategically align your security projects to a financial commitment made to your cloud provider(s) on an annual basis. In a lot of cases, this helps security teams obtain budget from a more ‘universal’ pot of funds, because the cost of many security products can be drawn down from that overall commitment figure, through cloud marketplace purchases. Often, this helps the organisation fulfil its commitment to the cloud provider, so it’s a win-win for all involved!
How Bytes Can Help
The next step will vary for you depending on the appetite your organisation has for investing in cyber security. With this in mind, below I’ve tried to simplify a complex spectrum of stances your organisation may take on security budgeting.
If your organisation has budget for cyber security projects but doesn’t know what to prioritise: In this case, I recommend starting with a CIS Gap Analysis. Our team of experts at Bytes will help you self-assess against the CIS framework, which covers all major aspects of cyber security. From this assessment, you will have a comprehensive, yet easy to digest report that will highlight areas that deserve the most attention.
If your organisation struggles to find budget for cyber security projects, but has an appetite to explore: Here, you will want to explore what can be done around cloud marketplace commitments. Work with your Bytes Account Manager and our team of security specialists who will help you identify the technologies available to purchase through this route and will help you build a business case for utilising the investment in this way.
If your organisation has little or no additional cyber security budget above and beyond keeping the lights on OR feels it already has too many sprawling technologies: Let’s re-evaluate your existing investments, explore potential to expand on existing platforms, and, importantly, see if you’re making the most of current investments through integrations. Integrations play a key role in optimising and maturing your security posture. They are also the backbone of philosophies like ‘Zero Trust’ (which is a whole other blog!), which can help minimise your risk exposure through thoughtful technology selection, product enhancement, and policy.
Thank you for reading.
If you have any questions, or would like to learn about any of the content covered in this blog, please email our friendly team via [email protected]
Want to keep informed? Sign up to our Newsletter