How do you talk to the board or your CEO to get budget for reducing risk?
Founder/Chairman/CTO in Telecommunication, 201 - 500 employees
The SEC proposed an update to their rules around cybersecurity and one interesting aspect is that they're proposing that public companies report on their board of directors’ cybersecurity expertise, if there is any. That signals the fact that they're trying to integrate cyber risk into general governance. We have HR risk, forex risk, and all of these other risks that we manage as a function of growing a business. Cybersecurity is just another one of those. It's not this special kind of risk that sits off to the side demanding budget. Even in terms of raising the possibility of the conversation, it can help to go through that and show that this is where the market is going, and help the CEO understand that this is what the SEC thinks about it. Eventually the CEO will be put in a position where stakeholders will probably ask them the same questions, which is a pretty compelling conversation starter.Director in Construction, 1,001 - 5,000 employees
The CISOs role is to educate, assess and communicate. The CISO doesn’t “get” budget but instead is given budget based on a business need. So to answer the question to be given budget there must be a risk that is communicated to the business that the organization feels needs remediation. This can be done through risk assessment findings, maturity assessments, compliance needs or just by putting forward an effective business case.Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Nowadays, the Information security risk is very familiar to everyone. So, talking about the budget is not an unknown flyer. CISO and head of InfoSec must be mindful before about the info security risks, and business impact ( especially on the customer experience, users experience, system performance etc) if these cases are taken care off; getting the budget is easier compared to earlier.I also believe post covid it become much easier.
Content you might like
Very confident - they get it23%
Somewhat confident - they have some understanding72%
No confidence - sad, but true5%
75 PARTICIPANTS
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.Yes47%
Only partial understanding44%
No5%
Unsure2%
329 PARTICIPANTS
Director Global Network / Security Architecture and Automation in Finance (non-banking), 10,001+ employees
Nothing ever dies in Enterprise. Why did Broadcom Software buy Symantec and VMWare, why did SDX Central post a story today about MPLS and how it lives on. Why is the hot news about cloud repatriation becuase a terrible app ...read moreHead of Information Security in Services (non-Government), 1,001 - 5,000 employees
You need to tell people what to expect and what not to expect from IT. We’ve tried to train people to expect that IT will do certain things or make requests which are okay to comply with, but IT will never call you out of ...read more