What strategies would you recommend to IT leaders in companies that still consider security a luxury?

433 views4 Comments

CISO in Software, 51 - 200 employees
Executives read the Wall Street Journal, so if their competitor or somebody else got nailed with ransomware, all of a sudden it's a top board issue: "What are we doing about this? How can we take care of this? Here's some money.” Otherwise, trying to get money for something that is not currently a problem is really tough.
VP, IT and Operations in Software, 1,001 - 5,000 employees
Customer success has become so relevant because regardless of how good your product is, if it starts impacting your brand, then there are so many other competitors that latch onto your business. You have to create a story that’s similar to the way we see customer support, because companies are now very specific about support and they're investing a lot to build a good team. Customer success is now one of the most important things after sales. Create a story where security has the same impact on your brand, or your ability to retain customers. That might add more perspective for leadership, because it's a very technological thing and often the senior executives and board are not that technology savvy. You have to translate it into specific ROIs to change how people look at investments in security.
Board Member in Healthcare and Biotech, 1,001 - 5,000 employees
My 2 cents

1. Explain the current state let the Management know what can go wrong if there is a compromise. Make sure it is documented for future sake. They need to understand the cost of “not doing” security.

2. Publish information on breaches and incidents that occur to a large enough set of people internally

3. Attempt to get an entry on security risk into the “Risk Register” that is maintained by the GRC committee.

4. Finally, try to find a business champion who will take your cause to the table every time.
Senior Information Security Manager in Software, 501 - 1,000 employees
Security is a luxury in the same way plumbing and electricity are luxurious.  The reality is that they are all fundamental aspects of running a business in 2022.

Anyone who thinks security is a luxury will end up paying for it in terms of ransomware, legal fees, penalities and more.

Content you might like

First day on the job10%

Sometime during their first week52%

Sometime during their first month26%

2-3 months after their hiring date6%

It depends on their role/level3%

Other (explain in the comments section)1%



CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
47k views133 Upvotes324 Comments

API security is our top priority8%

Very high48%




API security is not at all a priority for us1%