How to get your cyber security budget approved by the board
There’s a few ways to improve the approach to the company board that will significantly help to get them onboard with improving cyber security, especially when linking this to risk mitigation.*
1: Get full buy in
Partial board buy in is worthless, aim for full buy in. To do this there's a requirement to ensure that everyone on the board understands the risks. What will happen to them? What will happen to the company? What will be the industry consequence (fines/regulations)?
2. Keep it simple
Too much information is not going to go down well, they will get bored and switch off because they have other things to deal with. If it’s a document, make it no more than two pages, if it’s statistics can you graph them?
3. Physical presence
Stand up in front of the board if you can. This gives you the opportunity to say more (speaking is faster than reading). It will help show emotion, and you can ask them questions, which improves interaction and adds to improving understanding.
4. Research & Plan
Do some research on the board, find out who has an interest and who doesn't. Read previous board papers if you can or ask another colleague. Asking for protection against iPhone risks when the board is all using android may be seen as wasted time (even if everyone in the graphics department is on apple). Find out who gets bored the quickest and focus on them a little more etc.
5. Present Options
Don’t assume the board is going to be wanting to be thinking and researching what the options are, and don’t push an ultimatum. Instead, give them options, everyone likes a few options, and with the board they will always have more on their mind than just what’s being presented regarding cyber security. Make sure you ask for a decision though, and you set up a suitable budget to support your recommendations.
In the end, the best approach often tends to be keeping it simple, quick and focused. If the presentation has gone well, and they want more information they will ask for it and you can deliver more.
At present cyber security is all over the news, and has been for the last few years. It doesn't hurt to mention an incident that is widely known, but don’t dwell on it, focus on breaking the cyber security tasks down into smaller ones and take those steps to improving.
- TechForce Cyber COVID-19 assistance
- The Essential Cyber Hygiene for your business
- Why do you need a SIEM?
- New Year cyber security recommendations
- How to uncover network vulnerabilities
- Protecting your identity online
- What is a VPN and why do you need one?
- Quick tips to improve your board’s cybersecurity
- Password Management Software
- How to make of your employees the best line of cyber defence against cyberattacks
- Certificate management processes
- What is Phishing and what can you do to prevent it?
- Found malware, now what do you do?
- Data breaches and other scary 2019 events- Special Halloween post
- The TechForce Sponsorships
- How to start a career in the security industry
- Protecting your business in the cyber security era
- Secure Your Supply Chain
- Case study: British Airways Fined £183.4million for Data Breach
- The Silver Bullet in Cyber Security
- Fake invoice email scams and Office 365
- How to apply for the Cyber Essentials Voucher Scheme
- What is Business Email Compromise (BEC) and how to stop it
- Everything you need to know about Cyber Essentials
- Cyber Essentials Demystified
- How to choose a Security Awareness Platform
- 6 Quick and Easy Email Security Tips for Dummies
- Hackers On Tour
- How to share passwords safely in your Small Business
- In the news - Warning. North Sea firms likely already attacked
- 10 Steps to Cyber Security
- 6 Top Tips to Prevent Cyber Attacks
TechForce Cyber COVID-19 assistance
We are facing one of the biggest challenges we have ever seen. COVID19 sweeping the country. At TechForce, we are trying to do our bit to help.More
The Essential Cyber Hygiene for your business
We hear about the Travelex, British Airways, Maersk and Equifax data breaches. Over 90% of these incidents can be prevented by following basic Cyber Hygiene for your businessMore
Why do you need a SIEM?
A SIEM is a security information event manager, which very simply means its software that manages events regarding information security, simple enough.More
New Year cyber security recommendations
In this blog post we give you some new year cyber security recommendations to protect your accounts and identityMore
FOR LATEST UPDATES SUBSCRIBE HERE: