Business leaders don’t always view security threats the same way that IT departments do. Business people think about spend in a risk reward paradigm. They tend to ask questions like; What am I getting for the dollars being spent? Will this purchase make us more secure?
Business people are motivated by three things, increasing revenue/decreasing cost, mitigating risk, and creating an unfair competitive advantage. If you can align your security spend with one of these three areas, you will be much more effective in getting your initiative implemented.
For example, we work with a law firm that was looking at SIEM. They recognized the need to have a more granular view over their IT infrastructure and processes but weren’t sold on SIEM. However, once they realized that it would allow them to pursue and retain large customers that required law firms to have a SIEM solution in place they were sold.
When it comes to something like endpoint security, it easy to get bogged down in features and benefits instead of focusing on how the features and benefits can truly help your environment. Keeping Cryptolocker and ransomware at bay is a great way to justify spend for next gen endpoint solutions. One breech can be extremely costly just to remediate.
Business leaders need to be shown how investing in security technology financially helps the business. In general, most security solutions help to mitigate risk. Mitigating risk insures that the business can run seamlessly and make money as the business leadership intended.