How do you talk to the board or your CEO to get budget for reducing risk?

Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
The SEC proposed an update to their rules around cybersecurity and one interesting aspect is that they're proposing that public companies report on their board of directors’ cybersecurity expertise, if there is any. That signals the fact that they're trying to integrate cyber risk into general governance. We have HR risk, forex risk, and all of these other risks that we manage as a function of growing a business. Cybersecurity is just another one of those. It's not this special kind of risk that sits off to the side demanding budget. Even in terms of raising the possibility of the conversation, it can help to go through that and show that this is where the market is going, and help the CEO understand that this is what the SEC thinks about it. Eventually the CEO will be put in a position where stakeholders will probably ask them the same questions, which is a pretty compelling conversation starter.
Director in Construction, 1,001 - 5,000 employees
The CISO's role is to educate, assess and communicate. The CISO doesn't "get" budget but instead is given budget based on a business need. So, to answer the question: to be given budget, there must be a risk that is communicated to the business that the organization feels needs remediation. This can be done through risk assessment findings, maturity assessments, compliance needs or just by putting forward an effective business case.
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Nowadays, information security risk is very familiar to everyone. So, talking about the budget is not an unknown flyer. The CISO and head of InfoSec must be mindful beforehand about the info security risks and business impact (especially on the customer experience, user experience, system performance, etc.); if these cases are taken care of, getting the budget is easier compared to earlier.
I also believe that post-COVID it has become much easier.
