
Translating Security ROI to Non-Security Management


Calculating Return on Investment (ROI) for a cybersecurity budget is complex. Knowing the risk of possible breaches or hacks and how much should be invested to lower the risk - and future risk - is a difficult ask. At times, making these budgeting decisions feels like buying into an insurance policy, investing in more technology in the event that something bad happens, if it happens at all.


Across all industries, a major challenge for security stakeholders is calculating and communicating ROI on cybersecurity investment to their non-security peers or management. CISOs, CIOs and CSOs have to answer difficult questions regarding ROI on cyber. The notion of security in general is a vague topic, as hacks always seem to occur. Enterprises have experienced breaches within just the last few months, and management most likely cracked down on what the cybersecurity budget was being spent on and why.

Security executives have to communicate the importance of cybersecurity investment in terms that show an effect on the bottom line. Questions like "What is the appropriate amount of financing for cyber?", "How secure is secure enough?", and "How does the business approach becoming secure in the first place?" are common. Organizations increased their infosec budgets by 24% in 2016, but security leaders still have to justify their cybersecurity spend to upper management every year, which can be difficult, as mentioned earlier. Those bottom-line-minded executives have a difficult time quantifying the ROI of cyber investment in dollars.

Cybersecurity is truly about risk management and loss prevention for the assets that a company holds dear. Any investment in cybersecurity needs to demonstrate to the business that it is focused on positively affecting the bottom line and defending the company's highest-value assets. Look into which assets are the most valuable, and which of those assets are being targeted by threats. This information can indicate areas in which to invest more cybersecurity-related capital, and which technologies to deploy.

Kaspersky Lab says that the financial loss suffered by SMEs averages $38,000 in the event of a breach. Looking at other companies in your industry and showing management the breaches that occurred, how they affected those companies' assets, and how much each breach cost the company financially will help convince them of the importance of security investment.

Ultimately, the idea of translating security risk and investment potential to non-security executives is a good one. Not only does it increase the chances of obtaining a more precise and agreed-upon cybersecurity investment, but it also allows for information sharing and gives those who wouldn't otherwise know it a deeper understanding of the threat landscape and what that means for the company. As we move towards running cybersecurity as a business function, and towards proactivity in our organizations, getting more stakeholders involved in the process can allow companies to scale their security departments and budgets and decrease their cybersecurity risk.

