If You Fail to Plan, You Plan to Fail - Selling Security to the C-Suite

"If you aren’t talking about cyber security to your C-Suite and Board, you should be"

To help the C-Suite get to that place, you need to start with a comprehensive risk assessment, the foundation of all cyber security governance plans. Armed with the risk assessment, which also can provide information on how your business is compared to others in the industry, it will be much easier to make a case for investments in security.

In addition to the risk assessment, an industry maturity model review will provide a third-party expert evaluation of the company's security infrastructure and preparedness in clear report executives and directors can understand.

Clearly defining the risks, goal and objective of your cyber security plan and needs. Protection of assets, reputation management, intellectual property and end goals should be communicated to leadership to underscore the connection between cyber security and the business’ objectives.

Otherwise, security can fall to the wayside with the onslaught of issues IT leaders face today.

Another aspect to keep in mind, is cost. Over the past two years, the cost of security products has escalated with security spending ballooning to 21 percent of IT budgets across most industry sectors, according to a March 2016 Forrester report. It’s even as much as 44 percent, according to another study. 

Pair the cost issue with the complex security architecture created by organization restructuring and the hardware-based security market and we see the creation of an environment where it is challenging to have a uniform global security posture.

Finally, the lack of trained cybersecurity professionals has made it a very competitive market to fill every security job. Cybersecurity Ventures announced last week the cyber security unemployment rate has dropped to zero percent. Japan, for example, is struggling to fill the ranks of cyber-warriors needed in time for the 2020 Olympics, according to The Japan Times.

In thinking about how to sell security to the C-Suite, you can use these factors, along with the security assessment, to start the conversation.

Support for cyber security needs to start at the top. If you don’t have buy-in from your board, add it to your 2017 to-do list.

Level 3 Communications [NYSE:LVLT] headquartered in Broomfield, Colorado, provides data, security, video, voice and unified communications solutions to overcome IT challenges. Founded in 1985, the firm has its presence in Africa, Asia Pacific, Europe and Middle-East.